VYPR
Unrated severityNVD Advisory· Published Mar 7, 2022· Updated Aug 3, 2024

CVE-2022-23383

CVE-2022-23383

Description

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Yzmcms/Yzmcmscpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: =6.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.