Invia #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Pageinformazioni

TitoloJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page
DescrizioneVulnerability Description An unprivileged user can upload new themes. Impact By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Go to http://your-application.com/admin-cp/theme/install ; 4) Note that the user can upload new themes to the CMS
Fonte⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
Utente
 Anonymous User
Sottomissione16/06/2025 19:51 (1 Anno fa)
Moderazione26/06/2025 18:04 (10 days later)
StatoAccettato
Voce VulDB314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install escalationi di privilegi]
Punti20

Might our Artificial Intelligence support you?

Check our Alexa App!