Invia #597778: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Pageinformazioni

TitoloJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Page
DescrizioneVulnerability Description An unprivileged user can access functions related to the Import page. Impact By exploiting this vulnerability, a user with low privileges can import arbitrary files into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with this user's account; 3) Access the address http://your-application.com/admin-cp/imports ; 4) Note that the user can import files into the CMS.
Fonte⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_make_import.md
Utente
 Anonymous User
Sottomissione16/06/2025 19:48 (1 Anno fa)
Moderazione26/06/2025 18:04 (10 days later)
StatoAccettato
Voce VulDB314010 [juzaweb CMS 3.4.2 Import Page /admin-cp/imports escalationi di privilegi]
Punti20

Might our Artificial Intelligence support you?

Check our Alexa App!