juzaweb/cms

Packagist4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting juzaweb/cmspage 1 of 1

CVE-2023-46468HIGHCVSS 7.8EG 7.8
2023-10-28
vulnerable: v1.0 ... v3.4 (68 versions)
An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function.
CVE-2023-46906MEDIUMCVSS 4.9EG 4.9
2024-01-09
vulnerable: v1.0 ... v3.4 (68 versions)
juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated.
CVE-2025-6735MEDIUMCVSS 6.3EG 6.3
2025-06-27
vulnerable: v1.0 ... v3.4.2 (70 versions)
A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to lau…
CVE-2025-6736MEDIUMCVSS 6.3EG 6.3
2025-06-27
vulnerable: v1.0 ... v3.4.2 (70 versions)
A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper …

Check whether juzaweb/cms is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for juzaweb/cms CVEs against the assets you own.

Start Free Scan →