PT-2022-15966 · Yzmcms · Yzmcms

Published 2022-03-07 · Updated 2022-03-15 · CVE-2022-23383

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

YzmCMS version 6.3

Description

The issue allows unauthorized access to a user's personal home page without requiring a login. Normally, the system should check the user's login status before granting access to the personal home page. However, due to the lack of real authentication, it is possible to access other users' home pages without being logged in.

Recommendations

For YzmCMS version 6.3, ensure that proper authentication is implemented to check the user's login status before accessing the personal home page. As a temporary workaround, consider restricting access to the personal home page until a proper fix is applied.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2022-23383

Affected Products

Yzmcms