CVE Details
Basic Information
| Title | juzaweb CMS Email Logs Page email access control |
|---|---|
| Type | cve |
| Published | 2025-06-02T01:00:24.461Z |
| Last Seen |
Product Information
| Vendor | juzaweb |
|---|---|
| Product | CMS |
| Version | 3.4.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A vulnerability in juzaweb CMS allows unprivileged users to access email logs, potentially exposing sensitive information. The issue is due to improper access controls and can be exploited remotely. The vendor has not responded to the disclosure. |
|---|---|
| AI Severity | Medium |
| Vendor | juzaweb |
| Product | CMS |
| Affected Version | 3.4.0, 3.4.1, 3.4.2 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-284, CWE-266 |
| Bulletin Family | |
| Source Data | juzaweb CMS 3.4.0 juzaweb CMS 3.4.1 juzaweb CMS 3.4.2 |
Source Information
| Source Data | juzaweb CMS 3.4.0 juzaweb CMS 3.4.1 juzaweb CMS 3.4.2 |
|---|---|
| Source Link |
Description
A vulnerability, which was classified as problematic, was found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/logs/email of the component Email Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)