CVE Details
Basic Information
| Title | juzaweb CMS Plugin Editor Page editor access control |
|---|---|
| Type | cve |
| Published | 2025-06-02T00:31:04.139Z |
| Last Seen |
Product Information
| Vendor | juzaweb |
|---|---|
| Product | CMS |
| Version | 3.4.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical vulnerability in juzaweb CMS allows unprivileged users to access and edit plugins, potentially leading to unauthorized changes or code execution. |
|---|---|
| AI Severity | Medium |
| Vendor | juzaweb |
| Product | juzaweb CMS |
| Affected Version | 3.4.0, 3.4.1, 3.4.2 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-284, CWE-266 |
| Bulletin Family | |
| Source Data | juzaweb CMS 3.4.0 juzaweb CMS 3.4.1 juzaweb CMS 3.4.2 |
Source Information
| Source Data | juzaweb CMS 3.4.0 juzaweb CMS 3.4.1 juzaweb CMS 3.4.2 |
|---|---|
| Source Link |
Description
A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component Plugin Editor Page. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)