إرسال #597778: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Pageالمعلومات

عنوانJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Page
الوصفVulnerability Description An unprivileged user can access functions related to the Import page. Impact By exploiting this vulnerability, a user with low privileges can import arbitrary files into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with this user's account; 3) Access the address http://your-application.com/admin-cp/imports ; 4) Note that the user can import files into the CMS.
المصدر⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_make_import.md
المستخدم
 Anonymous User
ارسال16/06/2025 07:48 PM (1 سنة منذ)
الاعتدال26/06/2025 06:04 PM (10 days later)
الحالةتمت الموافقة
إدخال VulDB314010 [juzaweb CMS 3.4.2 Import Page /admin-cp/imports تجاوز الصلاحيات]
النقاط20

Do you want to use VulDB in your project?

Use the official API to access entries easily!