2 matches found
CVE-2023-37131
A Cross-Site Request Forgery CSRF in the component /public/admin/profile/update.html of YznCMS v1.1.0 allows attackers to arbitrarily change the Administrator password via a crafted POST request...
CVE-2023-37131
YznCMS v1.1.0 is affected by a CSRF in the /public/admin/profile/update.html component. A crafted POST request can change the Administrator password, compromising admin access. Public references across CNVD/NVD/CVE entries confirm the vulnerability exists in this specific endpoint; no official pa...