CVE Details
Basic Information
| Title | juzaweb CMS Add New Themes Page install improper authorization |
|---|---|
| Type | cve |
| Published | 2025-06-26T23:31:08.342Z |
| Last Seen | |
Product Information
| Vendor | juzaweb |
|---|---|
| Product | CMS |
| Version | 3.4.2 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical vulnerability in juzaweb CMS 3.4.2 allows unauthorized users to exploit improper authorization in the Add New Themes Page, potentially leading to remote attacks. The issue was disclosed publicly, and the vendor did not respond. This could allow attackers to perform actions they shouldn’t be able to, posing a significant risk. |
|---|---|
| AI Severity | Medium |
| Vendor | juzaweb |
| Product | juzaweb CMS |
| Affected Version | 3.4.2 |
Affected Products
- juzaweb CMS 3.4.2
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-285, CWE-266 |
| Bulletin Family | |
Description
A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.