Critical severity9.8NVD Advisory· Published Jun 5, 2018· Updated Jun 17, 2026
CVE-2018-11554
CVE-2018-11554
Description
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/littleheary/-YzmCMS-User-Traversal-Vulnerability/blob/master/README.mdnvdThird Party Advisory
News mentions
0No linked articles in our index yet.