CVE-2019-16678

Name of the Vulnerable Software and Affected Versions YzmCMS version 5.3

Description The issue in YzmCMS allows for a Cross-Site Request Forgery (CSRF) attack, which can lead to a denial of service. This occurs when an attacker can add a superseding route, affecting the system's functionality. The attack vector is through the 'admin/urlrule/add.html' page.

Recommendations For YzmCMS version 5.3, consider implementing CSRF protection mechanisms to prevent such attacks, such as token-based validation for each request. As a temporary workaround, restrict access to the 'admin/urlrule/add.html' page to minimize the risk of exploitation.