Juzaweb CMS Improper Authorization Vulnerability in Theme Installation Component

Vulnerability

A critical vulnerability exists in Juzaweb CMS version 3.4.2 in the 'Add New Themes' page of the admin control panel. The theme upload is improperly authorized, so users whose role grants no permissions can still upload arbitrary themes to the CMS. The vulnerability is exploitable remotely.

Impact

Exploitation of this vulnerability enables users with limited privileges to import and potentially execute malicious themes within the CMS.

Reproduction

To reproduce the issue, create a new user account and assign it a role with all permissions disabled. Log in with that account and navigate to the 'Add New Themes' page in the admin control panel. Despite the restricted role, the user can upload new themes to the CMS.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating (Custom Algorithm)

spread: 1.0
impact: 0.6
exploitability: 6.8
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.