CVE-2021-37144
Published: 30 July 2021
Summary
CVE-2021-37144 is a critical-severity Use of Incorrectly-Resolved Name or Reference (CWE-706) vulnerability in Cszcms Csz Cms. Its CVSS base score is 9.1 (Critical).
Operationally, it is ranked in the top 47.3% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-23718
Vulnerability details
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.