CVE-2022-23887

Publication date

2022-01-28 20:44:58

Family

mitre

State

PUBLISHED

Description

YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.