CVE-2022-23383

Source
https://cve.org/CVERecord?id=CVE-2022-23383
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23383.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23383
Published
2022-03-07T15:15:58Z
Modified
2026-07-10T04:01:06.738149821Z
Summary
[none]
Details

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23383.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/yzmcms/yzmcms

Affected ranges

Type
GIT
Repo
https://github.com/yzmcms/yzmcms
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:yzmcms:yzmcms:6.3:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "6.3"
        },
        {
            "last_affected": "6.3"
        }
    ]
}

Affected versions

6.*
6.3
v6.*
v6.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23383.json"