Juzaweb CMS
cpe:2.3:a:juzaweb:cms:*:*:*:*:*:*:*
- <= 3.4.2
A critical broken access control vulnerability has been identified in Juzaweb CMS versions through 3.4.2. This issue allows non-privileged users to view and modify CMS configuration settings. The vulnerability is present in the General Setting Page of the admin control panel, specifically within the system settings.
Exploitation of this vulnerability enables low-privileged users to access and alter CMS configuration information, potentially leading to unauthorized changes in the application's behavior or settings.
To reproduce this vulnerability, create a new user and assign it to a role with all permissions disabled. After logging in with this account, navigate to the General Setting Page in the admin control panel. The user will be able to view and edit various fields related to the general CMS settings.
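The reproduction steps above translate directly into a regression check. The following is an added example, not Juzaweb's code: a small Python model in which the permission names, classes and the `enforce` switch are all hypothetical. It contrasts a settings panel that only requires a login with one that checks a permission server-side on both view and update.

```python
from dataclasses import dataclass, field

# Hypothetical permission names; Juzaweb's real identifiers are not on the page.
VIEW, EDIT = "settings.general.view", "settings.general.edit"


class Forbidden(Exception):
    """Stands in for an HTTP 403 response."""


@dataclass
class User:
    name: str
    permissions: frozenset = frozenset()  # union of the user's role permissions


@dataclass
class SettingsPanel:
    enforce: bool  # False models the behaviour described in the advisory
    store: dict = field(default_factory=lambda: {"site_title": "Example"})
    audit: list = field(default_factory=list)

    def _authorize(self, user, permission):
        if not self.enforce:
            return  # flawed: any logged-in account is treated as authorized
        if permission not in user.permissions:  # hardened: deny by default
            self.audit.append((user.name, permission, "denied"))
            raise Forbidden(permission)

    def view(self, user):
        self._authorize(user, VIEW)
        return dict(self.store)

    def update(self, user, changes):
        self._authorize(user, EDIT)  # checked separately from VIEW
        self.store.update(changes)


def zero_permission_user_blocked(panel):
    """Mirror the reproduction steps: a user whose role has no permissions."""
    user = User("lowpriv")  # constructed account with an empty permission set
    blocked = []
    for action in (lambda: panel.view(user),
                   lambda: panel.update(user, {"site_title": "changed"})):
        try:
            action()
            blocked.append(False)
        except Forbidden:
            blocked.append(True)
    return all(blocked)
```

Run against the real application, the same check would be a feature test that logs in with a role that has every permission disabled and expects a 403 on both the settings view and the settings save request.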