Laker

#19929 of 53,622
13 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2023-11553 · 6.5 · 2023-06-20
Yzcms · Yzcms · CVE-2020-20502

**Name of the Vulnerable Software and Affected Versions**
yzCMS version 2.0

**Description**
A Cross Site Request Forgery issue allows a remote attacker to execute arbitrary code via the `token check function`.

**Recommendations**
For yzCMS version 2.0, update to a version that fixes the token check function issue to prevent Cross Site Request Forgery attacks.

PT-2019-14763 · 6.5 · 2019-09-21
Yzmcms · Yzmcms · CVE-2019-16678

**Name of the Vulnerable Software and Affected Versions**
YzmCMS version 5.3

**Description**
The issue in YzmCMS allows for a Cross-Site Request Forgery (CSRF) attack, which can lead to a denial of service. This occurs when an attacker can add a superseding route, affecting the system's functionality. The attack vector is through the 'admin/urlrule/add.html' page.

**Recommendations**
For YzmCMS version 5.3, consider implementing CSRF protection mechanisms to prevent such attacks, such as token-based validation for each request. As a temporary workaround, restrict access to the 'admin/urlrule/add.html' page to minimize the risk of exploitation.