{"id":"CVE-2022-23887","details":"YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily delete user accounts via /admin/admin_manage/delete.","modified":"2026-07-08T06:00:53.363305646Z","published":"2022-01-28T20:44:58Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23887.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23887.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23887"},{"type":"REPORT","url":"https://github.com/yzmcms/yzmcms/issues/59"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yzmcms/yzmcms","events":[{"introduced":"5e421474dac3b71a29e12b61f0f0d1dbfb14ae36"},{"last_affected":"5e421474dac3b71a29e12b61f0f0d1dbfb14ae36"}],"database_specific":{"source":"CPE_STRING","extracted_events":[{"introduced":"6.3"},{"last_affected":"6.3"}],"cpe":"cpe:2.3:a:yzmcms:yzmcms:6.3:*:*:*:*:*:*:*"}}],"versions":["6.3","v6.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23887.json"}}],"schema_version":"1.7.5"}