Enviar #597778: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Pageinformación

TítuloJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Page
DescripciónVulnerability Description An unprivileged user can access functions related to the Import page. Impact By exploiting this vulnerability, a user with low privileges can import arbitrary files into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with this user's account; 3) Access the address http://your-application.com/admin-cp/imports ; 4) Note that the user can import files into the CMS.
Fuente⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_make_import.md
Usuario
 Anonymous User
Sumisión2025-06-16 19:48 (hace 1 Año)
Moderación2025-06-26 18:04 (10 days later)
EstadoAceptado
Entrada de VulDB314010 [juzaweb CMS 3.4.2 Import Page /admin-cp/imports escalada de privilegios]
Puntos20

Do you need the next level of professionalism?

Upgrade your account now!