CVE-2021-37270
CRITICALCMS Enterprise Website Construction System 5.0 - Unauthenticated Missing Authorization
Title source: llmDescription
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.cnvd.org.cn/flaw/show/2815129
Third Party Advisory x_refsource_misc
https://github.com/purple-WL/S-cms-Unauthorized
Scores
CVSS v3
9.8
EPSS
0.0144
EPSS Percentile
69.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
s-cms/cms_enterprise_website_construction_system
5.0
Published
Sep 27, 2021
Tracked Since
Feb 18, 2026