Juzaweb

Cms

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2025-5421

Exploit
  • EPSS 0.07%
  • Veröffentlicht 02.06.2025 00:31:04
  • Zuletzt bearbeitet 18.06.2025 15:15:48

A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component Plugin Editor Page. The manipulation leads to impr...

5.4

CVE-2025-5420

Exploit
  • EPSS 0.05%
  • Veröffentlicht 02.06.2025 00:00:15
  • Zuletzt bearbeitet 18.06.2025 15:16:05

A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Uploa...

4.9

CVE-2024-7551

Exploit
  • EPSS 0.58%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 12.08.2024 16:12:12

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is pos...

4.9

CVE-2023-46906

Exploit
  • EPSS 0.13%
  • Veröffentlicht 09.01.2024 01:15:38
  • Zuletzt bearbeitet 17.04.2025 18:15:45

juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated.

5.4

CVE-2023-46467

Exploit
  • EPSS 0.12%
  • Veröffentlicht 28.10.2023 01:15:51
  • Zuletzt bearbeitet 21.11.2024 08:28:33

Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page.