Description

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.

Related CPE's

a

s-cms

cms_enterprise_website_construction_system

5.0

Vulnerable

References

https://github.com/purple-WL/S-cms-Unauthorized

Third Party Advisory

https://www.cnvd.org.cn/flaw/show/2815129

Third Party Advisory

https://github.com/purple-WL/S-cms-Unauthorized

Third Party Advisory

https://www.cnvd.org.cn/flaw/show/2815129

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-862

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-09-27T19:15:07.927Z

4 years ago

Last modified

2024-11-21T05:14:55.127Z

1 year ago