JuzaWeb CMS version 3.4.2 allows authenticated remote code execution via the Plugin Editor interface. An attacker with admin credentials can inject a PHP web shell into plugin files and execute arbitrary OS commands through a modified API route.

| Vendor | Product | Versions |
|---|---|---|
| juzaweb | juzaweb cms | 3.4.2 |