CVE Details
Basic Information
| Title | juzaweb CMS Media Page media access control |
|---|---|
| Type | cve |
| Published | 2025-06-02T02:00:16.127Z |
| Last Seen |
Product Information
| Vendor | juzaweb |
|---|---|
| Product | CMS |
| Version | 3.4.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical vulnerability in juzaweb CMS up to version 3.4.2 allows unauthenticated remote attackers to bypass access controls and manipulate media files via the /admin-cp/media endpoint. The vendor was notified but did not respond, and the exploit is publicly available. |
|---|---|
| AI Severity | Medium |
| Vendor | juzaweb |
| Product | juzaweb CMS |
| Affected Version | 3.4.0, 3.4.1, 3.4.2 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-284, CWE-266 |
| Bulletin Family | |
| Source Data | juzaweb CMS 3.4.0 juzaweb CMS 3.4.1 juzaweb CMS 3.4.2 |
Source Information
| Source Data | juzaweb CMS 3.4.0 juzaweb CMS 3.4.1 juzaweb CMS 3.4.2 |
|---|---|
| Source Link |
Description
A vulnerability was found in juzaweb CMS up to 3.4.2 and classified as critical. This issue affects some unknown processing of the file /admin-cp/media of the component Media Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)