Description
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
References
https://github.com/purple-WL/S-cms-Unauthorized
Third Party Advisory
https://www.cnvd.org.cn/flaw/show/2815129
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-09-27T21:15:07.927
3 years agoLast modified
2021-10-06T16:11:34.887
3 years ago