CVE-2020-23595

8.8 HIGH

📋 TL;DR

A Cross-Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows attackers to trick authenticated administrators into performing unauthorized actions via the sitemodel/add.html endpoint. This can lead to privilege escalation and information disclosure. Only yzmcms 5.6 installations with administrative interfaces accessible to attackers are affected.

💻 Affected Systems

Products:
  • yzmcms
Versions: 5.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated administrator session and access to the administrative interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative privileges, modify site content, steal sensitive data, or install backdoors for persistent access.

🟠

Likely Case

Attackers create malicious site models or modify existing ones to inject malicious content, redirect users, or steal session cookies.

🟢

If Mitigated

With proper CSRF protections in place, attackers cannot force authenticated users to perform unauthorized actions, leaving only the residual risk from social engineering that CSRF tokens do not address.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick an authenticated admin into clicking a malicious link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.7 or later

Vendor Advisory: https://github.com/yzmcms/yzmcms/issues/47

Restart Required: No

Instructions:

1. Back up your current installation.
2. Download yzmcms 5.7 or later from the official repository.
3. Replace the affected files, particularly those related to sitemodel/add.html.
4. Verify that CSRF tokens are implemented in all forms.

🔧 Temporary Workarounds

Implement CSRF Protection

all

Add CSRF tokens to all forms and validate them on the server side.

Modify form templates to include CSRF tokens and update backend validation logic.

Restrict Admin Access

all

Limit administrative interface access to trusted IP addresses or VPN.

Configure web server (e.g., Apache .htaccess or Nginx config) to allow only specific IPs to /admin/ paths.

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and Content Security Policy (CSP) headers.
  • Educate administrators to log out of admin sessions when not in use and avoid clicking untrusted links.

🔍 How to Verify

Check if Vulnerable:

Check whether the yzmcms version is 5.6 and whether the sitemodel/add.html endpoint lacks CSRF token validation.

Check Version:

Check the version in the yzmcms admin panel or inspect the source code for version markers.

Verify Fix Applied:

Confirm version is 5.7 or later and test that sitemodel/add.html requires valid CSRF tokens.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to sitemodel/add.html without a Referer header, with a Referer from a foreign origin, or from unexpected IPs.
  • Multiple failed CSRF token validations in logs.

Network Indicators:

  • HTTP requests to sitemodel/add.html with missing or invalid CSRF tokens.

SIEM Query:

source="web_logs" AND uri="/sitemodel/add.html" AND method="POST" AND csrf_token=""
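The log indicators above can be checked offline with a small script. The following is an added example, not part of the original advisory or the yzmcms project: it parses constructed Apache combined-format access-log lines and flags POST requests to /sitemodel/add.html whose Referer is missing or points at a host other than the CMS itself (the site host `cms.example.com` and all log entries are made up for the example).

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (Apache combined format), not real yzmcms logs.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2021:10:01:02 +0000] "GET /sitemodel/add.html HTTP/1.1" 200 1532 "https://cms.example.com/admin/" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2021:10:01:30 +0000] "POST /sitemodel/add.html HTTP/1.1" 302 0 "https://cms.example.com/sitemodel/add.html" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2021:10:05:44 +0000] "POST /sitemodel/add.html HTTP/1.1" 302 0 "https://lure.example.net/page.html" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2021:10:06:01 +0000] "POST /sitemodel/add.html HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2021:10:07:15 +0000] "POST /index.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
"""

# One combined-format line: client, identd, user, [timestamp], "METHOD path proto", status, size, "referer", "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def suspicious_requests(log_text, site_host, path="/sitemodel/add.html"):
    """Return (ip, timestamp, reason) for POSTs to `path` that look cross-site.

    A Referer from another origin is the strong signal: a legitimate admin
    submits this form from a page on the CMS itself. A missing Referer is a
    weaker signal, since browsers and privacy settings can strip it, so it is
    reported with its own reason for analysts to triage separately.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if m["method"] != "POST" or m["path"].split("?", 1)[0] != path:
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "missing Referer"
        else:
            ref_host = (urlsplit(referer).hostname or "").lower()
            if ref_host == site_host.lower():
                continue  # same-origin submission, expected behaviour
            reason = f"cross-site Referer from {ref_host}"
        findings.append((m["ip"], m["ts"], reason))
    return findings


if __name__ == "__main__":
    for ip, ts, reason in suspicious_requests(SAMPLE_LOG, "cms.example.com"):
        print(f"{ts} {ip} POST /sitemodel/add.html: {reason}")
```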

🔗 References
