CVE-2025-6736

Medium CVSS: 5.3

A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Juzaweb

Product

Cms

CWE

CWE-266

Yayın Tarihi

2025-06-27 00:15:38

Güncelleme

2025-07-11 14:22:16

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-266 Cms MEDIUM Juzaweb 2025

Referanslar

https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_upload_new_themes.md https://vuldb.com/?ctiid.314011 https://vuldb.com/?id.314011 https://vuldb.com/?submit.597779

Benzer Kayıtlar

Medium

CVE-2025-6735

A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file…

Medium

CVE-2025-5429

A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of…

Medium

CVE-2025-5427

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been rated as critical. Affected by this issue is some unkn…

Medium

CVE-2025-5428

A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the fi…

Medium

CVE-2025-5424

A vulnerability was found in juzaweb CMS up to 3.4.2 and classified as critical. This issue affects some unknown process…

Medium

CVE-2025-5425

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as critical. Affected is an unknown functio…