Enviar #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Pageinformación

TítuloJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page
DescripciónVulnerability Description An unprivileged user can upload new themes. Impact By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Go to http://your-application.com/admin-cp/theme/install ; 4) Note that the user can upload new themes to the CMS
Fuente⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
Usuario
 Anonymous User
Sumisión2025-06-16 19:51 (hace 1 Año)
Moderación2025-06-26 18:04 (10 days later)
EstadoAceptado
Entrada de VulDB314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install escalada de privilegios]
Puntos20

Do you want to use VulDB in your project?

Use the official API to access entries easily!