An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated malicious users to obtain the Administrator account password.
eyunjing yjcms 1.0.9