CVE-2021-37144

Critical

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect…

mitre·CWE-706·Published 2021-07-29

CVSS

9.1

EPSS

0.01

KEV

Exploits

cve.orgen

266 chars

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.

NVDen

266 chars

NVDes

278 chars

CSZ CMS versión 1.2.9, es vulnerable al Borrado de Archivos Arbitrario. Esto ocurre en PHP cuando se llama a la función unlink() y la entrada de usuario puede afectar a partes o a todo el parámetro afectado, que representa la ruta del archivo a eliminar, sin un saneo suficiente

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P
3.1	Primary	NVD	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H