A "vulnerability" in the 6miu back-end management?

zhaozj2021-02-08  471

I don't know whether this counts as a "vulnerability", but I had this feeling while modifying the back end today.

On the CBS home page, some areas are included from static HTML files, which can be modified in the back-end management (edited directly in a simple textarea). Currently, these modifications to the content displayed on the home page fall under the "Cool Topic Management" category.

However, I found that this feature has no secondary authentication; that is, anyone who logs in to the back end can modify the home page. By contrast, features such as document management and advertising management do have secondary authentication, which determines whether the operation is permitted based on the current user's CBS account.

I think this may cause some problems, so it is now being modified to add secondary verification for Cool Topics.

In Progress ...
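The gap described above (a back-end login check without the per-feature permission check that the other modules apply) is sketched below as an added example; it is not the site's own code. The account names, feature names and permission table are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from functools import wraps
from typing import Optional

# Constructed sample data (hypothetical accounts and feature names).
PERMISSIONS = {
    "alice": {"document_management", "cool_topic_management"},
    "bob": {"advertising_management"},
}
HOME_PAGE_BLOCKS = {"cool_topics": "<ul><li>old</li></ul>"}

class Forbidden(Exception):
    """Raised when the caller may not perform the requested operation."""

@dataclass
class Session:
    account: Optional[str]  # None means not logged in to the back end

def require_login(func):
    """First check only: the caller holds a back-end session."""
    @wraps(func)
    def wrapper(session, *args, **kwargs):
        if session.account is None:
            raise Forbidden("not logged in")
        return func(session, *args, **kwargs)
    return wrapper

def require_permission(feature):
    """Second check: the current account is allowed to operate this feature."""
    def decorator(func):
        @wraps(func)
        @require_login
        def wrapper(session, *args, **kwargs):
            if feature not in PERMISSIONS.get(session.account, set()):
                raise Forbidden(f"{session.account} may not use {feature}")
            return func(session, *args, **kwargs)
        return wrapper
    return decorator

@require_login  # before: any logged-in account can rewrite the home page block
def save_cool_topics_unchecked(session, html):
    HOME_PAGE_BLOCKS["cool_topics"] = html
    return True

@require_permission("cool_topic_management")  # after: same check as other modules
def save_cool_topics(session, html):
    HOME_PAGE_BLOCKS["cool_topics"] = html
    return True
```
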

When reprinting, please cite the original address: https://www.9cbs.com/read-58.html
