提交 #597779: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page信息

标题Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on “Add New Themes" Page
描述Vulnerability Description An unprivileged user can upload new themes. Impact By exploiting this vulnerability, a user with few privileges can import arbitrary themes into the CMS. To reproduce: 1) Create a new user and add it to a role with all permissions disabled; 2) Log in with that user's account; 3) Go to http://your-application.com/admin-cp/theme/install ; 4) Note that the user can upload new themes to the CMS
来源⚠️ https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md
用户
 Anonymous User
提交2025-06-16 19時51分 (1 年前)
管理2025-06-26 18時04分 (10 days later)
状态已接受
VulDB条目314011 [juzaweb CMS 3.4.2 Add New Themes Page /admin-cp/theme/install 权限提升]
积分20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!