CVE-2021-37270

CRITICAL

CMS Enterprise Website Construction System 5.0 - Unauthenticated Missing Authorization

Title source: llm
STIX 2.1

Description

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.cnvd.org.cn/flaw/show/2815129
Third Party Advisory x_refsource_misc
https://github.com/purple-WL/S-cms-Unauthorized

Scores

CVSS v3 9.8
EPSS 0.0144
EPSS Percentile 69.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
s-cms/cms_enterprise_website_construction_system 5.0
Published Sep 27, 2021
Tracked Since Feb 18, 2026