Submit #597778: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Pageinfo

TitleJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Page
DescriptionVulnerability Description An unprivileged user can access functions related to the Import page. Impact By exploiting this vulnerability, a user with low privileges can import arbitrary files into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with this user's account; 3) Access the address http://your-application.com/admin-cp/imports ; 4) Note that the user can import files into the CMS.
Source⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_make_import.md
User
 Anonymous User
Submission06/16/2025 19:48 (1 Year ago)
Moderation06/26/2025 18:04 (10 days later)
StatusAccepted
VulDB entry314010 [juzaweb CMS 3.4.2 Import Page /admin-cp/imports improper authorization]
Points20

Do you want to use VulDB in your project?

Use the official API to access entries easily!