Soumettre #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Pageinformation

TitreJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page
DescriptionVulnerability Description An unprivileged user can upload new themes. Impact By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Go to http://your-application.com/admin-cp/theme/install ; 4) Note that the user can upload new themes to the CMS
La source⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
Utilisateur
 Anonymous User
Soumission16/06/2025 19:51 (il y a 1 Année)
Modérer26/06/2025 18:04 (10 days later)
StatutAccepté
Entrée VulDB314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install élévation de privilèges]
Points20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!