Submit #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on "Add New Themes" Page

Title: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on "Add New Themes" Page
Description:

Vulnerability Description: An unprivileged user can upload new themes.

Impact: By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS.

To reproduce:
1) Create a new user and add it to a role with all permissions disabled;
2) Log in with that user's account;
3) Go to http://your-application.com/admin-cp/theme/install ;
4) Note that the user can upload new themes to the CMS
Source: https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
User: Anonymous User
Submission: 06/16/2025 19:51 (1 Year ago)
Moderation: 06/26/2025 18:04 (10 days later)
Status: Accepted
VulDB entry: 314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install improper authorization]
Points: 20
