CVE-2023-37131
MEDIUMYznCMS 1.1.0 - Cross-Site Request Forgery in Admin Profile Update
Title source: llmDescription
A Cross-Site Request Forgery (CSRF) in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request.
References (1)
Core 1
Core References
Exploit, Issue Tracking
https://github.com/ken678/yzncms/issues/2
Scores
CVSS v3
6.5
EPSS
0.0021
EPSS Percentile
11.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (1)
yzncms/yzncms
1.1.0
Published
Jul 06, 2023
Tracked Since
Feb 18, 2026