Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yzmcms 授权问题漏洞
Vulnerability Description
Yzmcms是Yzmcms个人开发者的一套开源的CMS(内容管理系统)。 Yzmcms v6.3版本存在安全漏洞,该漏洞源于应用存在访问控制中断问题,在访问个人主页前缺少用户登录状态认证。攻击者可以通过构造特殊的请求利用该漏洞实现非登录状态访问其他用户的主页并获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A