CVE-2022-45276

Direct Request ('Forced Browsing')

Published: Nov 23, 2022 | Modified: Nov 21, 2024
CVSS 3.x: 9.8 CRITICAL (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.

Weakness

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Affected Software

| Name | Vendor | Start Version | End Version |
|------|--------|---------------|-------------|
| Yjcms | Eyunjing | 1.0.9 (including) | 1.0.9 (including) |
