There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
References
Link | Resource |
---|---|
https://github.com/purple-WL/S-cms-Unauthorized | Third Party Advisory |
https://www.cnvd.org.cn/flaw/show/2815129 | Third Party Advisory |
Configurations
History
06 Oct 2021, 16:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:s-cms:cms_enterprise_website_construction_system:5.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CWE | CWE-862 | |
References | (MISC) https://www.cnvd.org.cn/flaw/show/2815129 - Third Party Advisory | |
References | (MISC) https://github.com/purple-WL/S-cms-Unauthorized - Third Party Advisory |
27 Sep 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-09-27 21:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-37270
Mitre link : CVE-2021-37270
CVE.ORG link : CVE-2021-37270
JSON object : View
Products Affected
s-cms
- cms_enterprise_website_construction_system
CWE
CWE-862
Missing Authorization