17 matches found
EUVD-2022-28812
Malicious code in bioql PyPI...
Improper access control
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non...
CVE-2022-23383
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non...
CVE-2022-23384
YzmCMS v6.3 is affected by Cross Site Request Forgery CSRF in /admin.add...
Cross site request forgery (csrf)
YzmCMS v6.3 is affected by Cross Site Request Forgery CSRF in /admin.add...
CVE-2022-23384
YzmCMS v6.3 is affected by Cross Site Request Forgery CSRF in /admin.add...
CVE-2022-23384
YzmCMS v6.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /admin.add. The CVE entry (CVE-2022-23384) is described across multiple sources as facilitating CSRF, enabling an attacker to spoof requests from victims and potentially trigger sensitive actions. The NVD metrics show...
CVE-2022-23384
YzmCMS v6.3 is affected by Cross Site Request Forgery CSRF in /admin.add...
CVE-2022-23887
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete user accounts via /admin/adminmanage/delete...
CVE-2022-23889
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...
Cross site request forgery (csrf)
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete user accounts via /admin/adminmanage/delete...
Code injection
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...
CVE-2022-23889
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...
CVE-2022-23889
The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...
CVE-2022-23887
CVE-2022-23887: YzmCMS v6.3 is affected by a Cross-Site Request Forgery (CSRF) that lets an attacker delete user accounts via /admin/admin_manage/delete. Root cause is CSRF vulnerability; exploitation details are not provided in the documents. No remediation/fix is specified in the provided data....
CVE-2022-23887
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete user accounts via /admin/adminmanage/delete...
CVE-2022-23887
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete user accounts via /admin/adminmanage/delete...