Vulnerabilities > Yzmcms > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-23383 | Improper Authentication vulnerability in Yzmcms 6.3 YzmCMS v6.3 is affected by broken access control. | 9.1 |
| 2018-06-05 | CVE-2018-11554 | Information Exposure vulnerability in Yzmcms The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach. | 9.8 |