Submission #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on "Add New Themes" Page

Information

Title: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on "Add New Themes" Page
Description:
Vulnerability Description
An unprivileged user can upload new themes.

Impact
By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS.

To reproduce:
1) Create a new user and add it to a role with all permissions disabled;
2) Log in with that user's account;
3) Go to http://your-application.com/admin-cp/theme/install ;
4) Note that the user can upload new themes to the CMS
Source: ⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
User: Anonymous User
Submit: 16/06/2025 07:51 PM (1 year ago)
Moderation: 26/06/2025 06:04 PM (10 days later)
Status: Accepted
VulDB entry: 314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install privilege escalation]
Points: 20
