Отправить #584057: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Plugins" PageИнформация

Название	Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Plugins" Page
Описание	Vulnerability Description An unprivileged user can list and install plugins in the CMS. Impact By exploiting this vulnerability, an attacker can enumerate the plugins installed in the CMS, as well as install a plugin with malicious code. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Access the address http://your-application.com/admin-cp/plugin/install ; 4) Note that the user can list the installed plugins, as well as upload new plugins.
Источник	⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_list_install_plugins.md
Пользователь	Anonymous User
Представление	24.05.2025 03:01 (1 Год назад)
Модерация	01.06.2025 12:48 (8 days later)
Статус	принято
Запись VulDB	310762 [juzaweb CMS до 3.4.2 Plugins Page /admin-cp/plugin/install эскалация привилегий]
Баллы	20

Do you know our Splunk app?

Download it now for free!