Отправить #597778: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" PageИнформация

НазваниеJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Page
ОписаниеVulnerability Description An unprivileged user can access functions related to the Import page. Impact By exploiting this vulnerability, a user with low privileges can import arbitrary files into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with this user's account; 3) Access the address http://your-application.com/admin-cp/imports ; 4) Note that the user can import files into the CMS.
Источник⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_make_import.md
Пользователь
 Anonymous User
Представление16.06.2025 19:48 (1 Год назад)
Модерация26.06.2025 18:04 (10 days later)
Статуспринято
Запись VulDB314010 [juzaweb CMS 3.4.2 Import Page /admin-cp/imports эскалация привилегий]
Баллы20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!