CVE-2021-26639
HIGHWISA Smart Wing CMS < r18715.20211229 - Unauthenticated Arbitrary File Read via Input Validation Bypass
Title source: llmDescription
This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66875
Scores
CVSS v3
8.1
EPSS
0.0038
EPSS Percentile
29.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-494
CWE-20
Status
published
Products (1)
wisa/smart_wing_cms
< r18715.20211229
Published
Aug 17, 2022
Tracked Since
Feb 18, 2026