Gửi #597778: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Pagethông tin

tiêu đềJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Page
Mô tảVulnerability Description An unprivileged user can access functions related to the Import page. Impact By exploiting this vulnerability, a user with low privileges can import arbitrary files into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with this user's account; 3) Access the address http://your-application.com/admin-cp/imports ; 4) Note that the user can import files into the CMS.
Nguồn⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_make_import.md
Người dùng
 Anonymous User
Đệ trình16/06/2025 19:48 (cách đây 1 Năm)
Kiểm duyệt26/06/2025 18:04 (10 days later)
Trạng tháiđược chấp nhận
Mục VulDB314010 [juzaweb CMS 3.4.2 Import Page /admin-cp/imports nâng cao đặc quyền]
điểm20

Interested in the pricing of exploits?

See the underground prices here!