제출 #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page정보

제목Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page
설명Vulnerability Description An unprivileged user can upload new themes. Impact By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Go to http://your-application.com/admin-cp/theme/install ; 4) Note that the user can upload new themes to the CMS
원천⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
사용자
 Anonymous User
제출2025. 06. 16. PM 07:51 (1 년도 ago)
모더레이션2025. 06. 26. PM 06:04 (10 days later)
상태수락
VulDB 항목314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install 권한 상승]
포인트들20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!