Submit #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on "Add New Themes" Page
| Title | Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on "Add New Themes" Page |
|---|---|
| Description | Vulnerability Description: An unprivileged user can upload new themes. Impact: By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Go to http://your-application.com/admin-cp/theme/install ; 4) Note that the user can upload new themes to the CMS |
| Source | ⚠️ https:/ |
| User | Anonymous User |
| Submission | 16/06/2025 19:51 (1 year ago) |
| Moderation | 26/06/2025 18:04 (10 days later) |
| Status | Accepted |
| VulDB Entry | 314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install Privilege Escalation] |
| Points | 20 |