Отправить #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" PageИнформация

НазваниеJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page
ОписаниеVulnerability Description An unprivileged user can upload new themes. Impact By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Go to http://your-application.com/admin-cp/theme/install ; 4) Note that the user can upload new themes to the CMS
Источник⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
Пользователь
 Anonymous User
Представление16.06.2025 19:51 (1 Год назад)
Модерация26.06.2025 18:04 (10 days later)
Статуспринято
Запись VulDB314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install эскалация привилегий]
Баллы20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!