제출 #597778: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Page정보

제목Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Page
설명Vulnerability Description An unprivileged user can access functions related to the Import page. Impact By exploiting this vulnerability, a user with low privileges can import arbitrary files into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with this user's account; 3) Access the address http://your-application.com/admin-cp/imports ; 4) Note that the user can import files into the CMS.
원천⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_make_import.md
사용자
 Anonymous User
제출2025. 06. 16. PM 07:48 (1 년도 ago)
모더레이션2025. 06. 26. PM 06:04 (10 days later)
상태수락
VulDB 항목314010 [juzaweb CMS 3.4.2 Import Page /admin-cp/imports 권한 상승]
포인트들20

Do you want to use VulDB in your project?

Use the official API to access entries easily!