microweber vulnerabilities and exploits
8.8
CVSSv3
CVE-2018-17104
An issue exists in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
Microweber Microweber 1.0.7
8.1
CVSSv3
CVE-2020-23140
Microweber 1.1.18 is affected by insufficient session expiration. When a user changes their password, sessions are not expired: both sessions for when a user changes email and old sessions in any other browser or device remain active.
Microweber Microweber 1.1.18
7.8
CVSSv3
CVE-2020-13241
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.
Microweber Microweber 1.1.18
7.5
CVSSv3
CVE-2023-48122
An issue in microweber v.2.0.1, fixed in v.2.0.4, allows a remote malicious user to obtain sensitive information via the HTTP GET method.
Microweber Microweber
7.5
CVSSv3
CVE-2023-5318
Use of Hard-coded Credentials in GitHub repository microweber/microweber before 2.0.
Microweber Microweber
7.5
CVSSv3
CVE-2022-1036
The ability to create an account with a long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber before 1.2.12.
Microweber Microweber
7.5
CVSSv3
CVE-2022-0913
Integer Overflow or Wraparound in GitHub repository microweber/microweber before 1.3.
Microweber Microweber
7.5
CVSSv3
CVE-2022-0777
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber before 1.3.
Microweber Microweber
7.5
CVSSv3
CVE-2022-0666
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber before 1.2.11.
Microweber Microweber
7.5
CVSSv3
CVE-2022-0660
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber before 1.2.11.
Microweber Microweber