提出 #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page情報

タイトルJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page
説明Vulnerability Description An unprivileged user can upload new themes. Impact By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Go to http://your-application.com/admin-cp/theme/install ; 4) Note that the user can upload new themes to the CMS
ソース⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
ユーザー
 Anonymous User
送信2025年06月16日 19:51 (1 年 ago)
モデレーション2025年06月26日 18:04 (10 days later)
ステータス承諾済み
VulDBエントリ314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install 特権昇格]
ポイント20

Want to know what is going to be exploited?

We predict KEV entries!