CVE-2022-23383

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
yzmcmsyzmcms
6.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://yzmcms.com
https://down.chinaz.com/soft/37810.htm
https://www.cnvd.org.cn/user/myreport/6499961
http://yzmcms.com
https://down.chinaz.com/soft/37810.htm
https://www.cnvd.org.cn/user/myreport/6499961