Yzmcms is an open source CMS (Content Management System) for Yzmcms personal developers. v6.3 of Yzmcms contains an access control error vulnerability that stems from the application’s lack of user login status authentication before accessing a personal homepage. An attacker could use this vulnerability to construct a special request to access another user’s home page without login status and obtain sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
yzmcms yzmcms v | eq | 6.3 |