CVE-2023-46906

Description

juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated.

Affected packages (1)

• Packagist/juzaweb/cmsfrom 0, <= 3.4

CVSS scores

References (3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-46906
• PATCHhttps://github.com/juzaweb/cms
• WEBhttps://www.sumor.top/index.php/archives/880