Key Information

Title: Juzaweb Juzaweb CMS 3.4.2 Broken Access Control on "Email Logs" Page

Vulnerability Description: An unprivileged user can access email logs generated by the application.

Impact: By exploiting this vulnerability, a user with few privileges can view information related to email logs and thus obtain private information related to sent emails.

Steps to Reproduce:
1. Create a new user and add it to a role with all permissions disabled.
2. Log in with this user's account.
3. Access the address .
4. Note that the user can view logs related to emails sent in the CMS.

Source: https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_access_email_logs.md

User: Anonymous User
Submission: 05/24/2025 02:51 AM (10 days ago)
Moderation: 06/01/2025 12:48 PM (8 days later)
Status: Approved
VulDB Entry: juzaweb CMS up to 3.4.2 Email Logs Page /admin-cp/logs/email access control
Points: 20