Отправить #584052: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Media" PageИнформация

Название	Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Media" Page
Описание	Vulnerability Description An unprivileged user can access and modify the files listed on the "Media" page. Impact By exploiting this vulnerability, a malicious user can list the files uploaded to the CMS, download and delete files, as well as upload files to the application. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with this user's account; 3) Access the address http://your-application.com/admin-cp/media ; 4) Note that the user can list and delete files registered in the CMS, as well as upload new files.
Источник	⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_access_modify_media_page.md
Пользователь	Anonymous User
Представление	24.05.2025 02:54 (1 Год назад)
Модерация	01.06.2025 12:48 (8 days later)
Статус	принято
Запись VulDB	310757 [juzaweb CMS до 3.4.2 Media Page /admin-cp/media эскалация привилегий]
Баллы	20

Do you know our Splunk app?

Download it now for free!