PT-2025-23461 · Unknown · Juzawebcms
Cyber-Wo0Dy · Published 2025-06-02 · Updated 2025-06-16
CVE-2025-5428
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
juzaweb CMS versions up to 3.4.2
Description
A critical issue has been discovered, affecting an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. This leads to improper access controls, allowing for remote attacks. The issue has been publicly disclosed.
Recommendations
For juzaweb CMS versions up to 3.4.2, update to a version later than 3.4.2 to resolve the issue.
As a temporary workaround, consider restricting access to the /admin-cp/log-viewer endpoint until a patch is available.
Exploit
Fix
Incorrect Privilege Assignment
Improper Access Control
Related identifiers
Affected products
Juzawebcms