PT-2025-23461 · Unknown · Juzawebcms
Cyber-Wo0Dy · Published 2025-06-02 · Updated 2025-06-16 · CVE-2025-5428
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
juzaweb CMS versions up to 3.4.2
Description
A critical issue has been discovered affecting unspecified functionality of /admin-cp/log-viewer in the Error Logs Page component. It leads to improper access control and can be exploited remotely. The issue has been publicly disclosed.
Recommendations
For juzaweb CMS versions up to 3.4.2, update to a version later than 3.4.2 to resolve the issue.
As a temporary workaround, consider restricting access to the /admin-cp/log-viewer endpoint until a patch is available.
Exploit
Fix
Incorrect Privilege Assignment
Improper Access Control
Related Identifiers
Affected Products
Juzawebcms