Windu CMS Broken Access Control Vulnerability Allowing Deletion of Super Admins

Vulnerability

A broken access control vulnerability has been identified in Windu CMS version 4.1, allowing privileged users to delete Super Admin accounts through a manipulated GET request. This action cannot be performed via the graphical user interface. The vulnerability arises from improper authorization checks in the user editing feature, which let administrators remove Super Admins without being held to the restrictions the interface normally imposes.

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of Super Admin accounts, disrupting administrative oversight and potentially allowing for further abuse of privileges or manipulation of the content management system.

Added: Nov 18, 2025, 3:23 PM
Updated: Nov 18, 2025, 3:23 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.