CVE-2021-37270

Published: Sep 27, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.

Affected (1)

Products: S Cms: Cms Enterprise Website Construction System

1 product

Cms Enterprise Website Construction System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
S Cms Cms Enterprise Website Construction System	Version 5.0

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://github.com/purple-WL/S-cms-Unauthorized

Source: cve@mitre.org

Third Party Advisory

https://www.cnvd.org.cn/flaw/show/2815129

Source: cve@mitre.org

Third Party Advisory

https://github.com/purple-WL/S-cms-Unauthorized

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.cnvd.org.cn/flaw/show/2815129

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.