CVE-2022-45276
Description
YJCMS v1.0.9 exposes admin credentials via an unprotected user_edit.html endpoint, allowing unauthenticated account compromise.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
YJCMS v1.0.9 exposes admin credentials via an unprotected user_edit.html endpoint, allowing unauthenticated account compromise.
Vulnerability
YJCMS v1.0.9, an open-source PHP CMS based on ThinkPHP 5.0.24, contains an incorrect access control vulnerability in the /index/user/user_edit.html component [1]. When an unauthenticated attacker visits this URL, the application returns the system user account and password (MD5 encrypted) without requiring any authentication [1]. Affected versions include v1.0.9 and possibly earlier releases, as the developer repository contains the vulnerable code [1].
Exploitation
An attacker with network access to the target YJCMS instance can simply send a GET request to the vulnerable URL, e.g., http://target/index/user/user_edit.html [1]. No authentication, session token, or prior interaction is needed. The response directly contains the administrator username and password (MD5 hash). The attacker then cracks the MD5 password (e.g., using online tools or dictionary attacks) and logs in via /user_login.html with the recovered credentials [1].
Impact
Successful exploitation gives the attacker full administrative access to the YJCMS web application. With administrator credentials, the attacker can modify site content, access backend management functions, and potentially pivot to further attacks such as SQL injection or file uploads if those features are exposed in the admin panel. The confidentiality of all user accounts and sensitive site data is compromised, and the attacker gains the highest privilege level on the CMS.
Mitigation
As of the publication date (2022-11-23) and the latest available reference [1], no official patch or fixed version has been released by the vendor. The YJCMS repository on GitHub does not indicate a security update addressing this issue. Users should consider implementing a web application firewall (WAF) rule to block unauthenticated access to /index/user/user_edit.html, or manually add authentication checks in the controller code. If the software is no longer maintained, migration to an alternative, actively-supported CMS is recommended. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the knowledge cutoff.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- YJCMS/YJCMSdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
News mentions
0No linked articles in our index yet.