提交 #597778: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Page信息

标题Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Import" Page
描述Vulnerability Description An unprivileged user can access functions related to the Import page. Impact By exploiting this vulnerability, a user with low privileges can import arbitrary files into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with this user's account; 3) Access the address http://your-application.com/admin-cp/imports ; 4) Note that the user can import files into the CMS.
来源⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_make_import.md
用户
 Anonymous User
提交2025-06-16 19時48分 (1 年前)
管理2025-06-26 18時04分 (10 days later)
状态已接受
VulDB条目314010 [juzaweb CMS 3.4.2 Import Page /admin-cp/imports 权限提升]
积分20

Do you need the next level of professionalism?

Upgrade your account now!