First published: Thu Mar 10 2022
YzmCMS v6.3 is affected by broken access control: a user's personal home page can be accessed without logging in. The application should check the user's login status before serving the personal home page, but because no real authentication is carried out, other users' home pages can be reached from a non-logged-in state.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yzmcms Yzmcms | =6.3 | |