Submeter #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Pageinformação

TítuloJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page
DescriçãoVulnerability Description An unprivileged user can upload new themes. Impact By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Go to http://your-application.com/admin-cp/theme/install ; 4) Note that the user can upload new themes to the CMS
Fonte⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
Utilizador
 Anonymous User
Submissão16/06/2025 19h51 (há 1 Ano)
Moderação26/06/2025 18h04 (10 days later)
EstadoAceite
Entrada VulDB314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install Elevação de Privilégios]
Pontos20

Interested in the pricing of exploits?

See the underground prices here!