Vulnerabilities > Yzmcms > Yzmcms > 6.3

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-23383 Improper Authentication vulnerability in Yzmcms 6.3
YzmCMS v6.3 is affected by broken access control.
network
low complexity
yzmcms CWE-287
6.4
6.4
2022-02-15 CVE-2022-23384 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add
network
yzmcms CWE-352
6.8
6.8
2022-01-28 CVE-2022-23887 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.
network
yzmcms CWE-352
4.3
4.3
2022-01-28 CVE-2022-23888 Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 6.3
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSRF) via the component /yzmcms/comment/index/init.html.
network
yzmcms CWE-352
6.8
6.8
2022-01-28 CVE-2022-23889 Uncontrolled Recursion vulnerability in Yzmcms 6.3
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments.
network
low complexity
yzmcms CWE-674
5.0
5.0