PT-2025-23442 · Unknown · Juzawebcms
Cyber-Wo0Dy
·
Publicado
2025-06-02
·
Atualizado
2025-06-02
·
CVE-2025-5422
CVSS v4.0
5.3
Média
| Vetor | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
juzaweb CMS versions up to 3.4.2
Description
A problematic issue was found in juzaweb CMS, affecting an unknown part of the file
/admin-cp/logs/email of the component Email Logs Page. This leads to improper access controls and can be initiated remotely. The issue has been publicly disclosed.Recommendations
For juzaweb CMS versions up to 3.4.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Access Control
Incorrect Privilege Assignment
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Juzawebcms