Juzaweb CMS
cpe:2.3:a:juzaweb:cms:*:*:*:*:*:*:*
- 3.4.2
A critical broken access control vulnerability has been identified in Juzaweb CMS versions through 3.4.2. The issue allows unprivileged users to access and modify fields related to the CMS link format on the Permalinks page. This vulnerability can be exploited remotely, enabling users with minimal privileges to make arbitrary changes to the site's link structure.
Exploitation of this vulnerability lets unprivileged users alter the CMS link format without authorization, potentially disrupting the site's URL structure and affecting SEO or link accessibility.
To reproduce this vulnerability, create a new user account and assign it a role with all permissions disabled. After logging in with this account, navigate to the admin permalinks page. The user will be able to access and modify the permalink settings, despite having limited privileges.
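A defender-side check for the condition in the reproduction steps, as an added example that is not part of the advisory or of Juzaweb's code: it scans access records for successful requests to the permalinks page from accounts whose role lacks the guarding permission. The path `/admin/permalinks`, the permission name `permalinks.edit`, the record fields and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumptions (placeholders, not taken from Juzaweb's code): the path of the
# admin permalinks page and the permission that should guard it.
PERMALINKS_PATH = "/admin/permalinks"
REQUIRED_PERMISSION = "permalinks.edit"
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

@dataclass(frozen=True)
class AccessRecord:
    user: str
    permissions: frozenset  # permissions granted by the user's role
    method: str
    path: str
    status: int

def is_violation(rec: AccessRecord) -> bool:
    """Successful request to the permalinks page without the guarding permission."""
    path = rec.path.split("?", 1)[0].rstrip("/")
    # Only 2xx counts as success: a 3xx may be a redirect to the login page,
    # so redirects need app-specific handling and are not flagged here.
    succeeded = 200 <= rec.status < 300
    return (path == PERMALINKS_PATH and succeeded
            and REQUIRED_PERMISSION not in rec.permissions)

def audit(records):
    """Return violating records, setting changes (writes) before page views."""
    hits = [r for r in records if is_violation(r)]
    return sorted(hits, key=lambda r: r.method.upper() not in WRITE_METHODS)

# Constructed sample records; "editor_no_perms" models the account from the
# reproduction steps (role with all permissions disabled).
NO_PERMS = frozenset()
SAMPLE_RECORDS = [
    AccessRecord("admin", frozenset({REQUIRED_PERMISSION}), "POST", "/admin/permalinks", 200),
    AccessRecord("editor_no_perms", NO_PERMS, "GET", "/admin/permalinks/", 200),
    AccessRecord("editor_no_perms", NO_PERMS, "POST", "/admin/permalinks?tab=base", 200),
    AccessRecord("viewer_no_perms", NO_PERMS, "GET", "/admin/permalinks", 403),
    AccessRecord("editor_no_perms", NO_PERMS, "GET", "/admin/posts", 200),
]

if __name__ == "__main__":
    for rec in audit(SAMPLE_RECORDS):
        kind = "WRITE" if rec.method.upper() in WRITE_METHODS else "READ"
        print(f"{kind}: {rec.user} {rec.method} {rec.path} -> {rec.status}")
```

Any hit on a patched deployment means the permission check on that page is still missing or bypassed; on the sample data the write is reported first because it changes the site's link structure.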