Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microweber microweber vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-17104
An issue exists in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
Microweber Microweber 1.0.7
6.5
CVSSv2
CVE-2021-36461
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows malicious users to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
Microweber Microweber 1.1.3
NA
CVE-2022-33012
Microweber v1.2.15 exists to allow malicious users to perform an account takeover via a host header injection attack.
Microweber Microweber 1.2.15
2.1
CVSSv2
CVE-2020-23136
Microweber v1.1.18 is affected by no session expiry after log-out.
Microweber Microweber 1.1.18
7.5
CVSSv2
CVE-2020-23138
An unrestricted file upload vulnerability exists in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
Microweber Microweber 1.1.18
2.1
CVSSv2
CVE-2020-23139
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.
Microweber Microweber 1.1.18
5.8
CVSSv2
CVE-2020-23140
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.
Microweber Microweber 1.1.18
4.3
CVSSv2
CVE-2018-19917
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
Microweber Microweber 1.0.8
5.8
CVSSv2
CVE-2022-0855
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin before 0.0.4.
Microweber Whmcs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10