
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

YzmCMS v6.3 is affected by broken access control. A user's personal home page can be accessed without logging in. The application should check the user's login status before serving the personal home page, but because no real authentication is performed, other users' home pages can be accessed while not logged in. • http://yzmcms.com • https://down.chinaz.com/soft/37810.htm • https://www.cnvd.org.cn/user/myreport/6499961 • CWE-287: Improper Authentication

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

YzmCMS v6.3 is affected by Cross-Site Request Forgery (CSRF) in /admin.add. • https://github.com/yzmcms/yzmcms/issues/58 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

The comment function in YzmCMS v6.3 was discovered to allow concurrent operation, allowing attackers to create an unusually large number of comments. • https://github.com/yzmcms/yzmcms/issues/61 • CWE-674: Uncontrolled Recursion

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/comment/index/init.html. • https://github.com/yzmcms/yzmcms/issues/60 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete. • https://github.com/yzmcms/yzmcms/issues/59 • CWE-352: Cross-Site Request Forgery (CSRF)