YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.
References
Link | Resource |
---|---|
http://yzmcms.com | Vendor Advisory |
https://down.chinaz.com/soft/37810.htm | Product Third Party Advisory |
https://www.cnvd.org.cn/user/myreport/6499961 | Permissions Required Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-07T15:15:58
Updated: 2022-03-07T15:15:58
Reserved: 2022-01-18T00:00:00
Link: CVE-2022-23383
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-10T17:45:51.847
Modified: 2022-03-15T20:10:17.873
Link: CVE-2022-23383
JSON object: View
Redhat Information
No data.
CWE