CVE-2021-37270

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
References
Link Resource
https://github.com/purple-WL/S-cms-Unauthorized Third Party Advisory
https://www.cnvd.org.cn/flaw/show/2815129 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:s-cms:cms_enterprise_website_construction_system:5.0:*:*:*:*:*:*:*

History

06 Oct 2021, 16:11

Type Values Removed Values Added
CPE cpe:2.3:a:s-cms:cms_enterprise_website_construction_system:5.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 10.0
v3 : 9.8
CWE CWE-862
References (MISC) https://www.cnvd.org.cn/flaw/show/2815129 - (MISC) https://www.cnvd.org.cn/flaw/show/2815129 - Third Party Advisory
References (MISC) https://github.com/purple-WL/S-cms-Unauthorized - (MISC) https://github.com/purple-WL/S-cms-Unauthorized - Third Party Advisory

27 Sep 2021, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-27 21:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-37270

Mitre link : CVE-2021-37270

CVE.ORG link : CVE-2021-37270


JSON object : View

Products Affected

s-cms

  • cms_enterprise_website_construction_system
CWE
CWE-862

Missing Authorization