Gửi #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Pagethông tin

tiêu đềJuzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page
Mô tảVulnerability Description An unprivileged user can upload new themes. Impact By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Go to http://your-application.com/admin-cp/theme/install ; 4) Note that the user can upload new themes to the CMS
Nguồn⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
Người dùng
 Anonymous User
Đệ trình16/06/2025 19:51 (cách đây 1 Năm)
Kiểm duyệt26/06/2025 18:04 (10 days later)
Trạng tháiđược chấp nhận
Mục VulDB314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install nâng cao đặc quyền]
điểm20

Do you need the next level of professionalism?

Upgrade your account now!