Enviar #584052: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Media" Pageinformación

TítuloJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Media" Page
DescripciónVulnerability Description An unprivileged user can access and modify the files listed on the "Media" page. Impact By exploiting this vulnerability, a malicious user can list the files uploaded to the CMS, download and delete files, as well as upload files to the application. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with this user's account; 3) Access the address http://your-application.com/admin-cp/media ; 4) Note that the user can list and delete files registered in the CMS, as well as upload new files.
Fuente⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_access_modify_media_page.md
Usuario
 Anonymous User
Sumisión2025-05-24 02:54 (hace 1 Año)
Moderación2025-06-01 12:48 (8 days later)
EstadoAceptado
Entrada de VulDB310757 [juzaweb CMS hasta 3.4.2 Media Page /admin-cp/media escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!