A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
Publication date: Thu, 08 Jul 2021 21:15:00 +0000