exploitDog

CVE-2021-37270

Опубликовано: 27 сент. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.

Ссылки

https://github.com/purple-WL/S-cms-Unauthorized
Third Party Advisory
https://www.cnvd.org.cn/flaw/show/2815129
Third Party Advisory
https://github.com/purple-WL/S-cms-Unauthorized
Third Party Advisory
https://www.cnvd.org.cn/flaw/show/2815129
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:s-cms:cms_enterprise_website_construction_system:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00263

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-6g8q-gjhc-wgm2

github

больше 3 лет назад

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.

EPSS

Процентиль: 49%

0.00263

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-862