Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microweber vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2022-0557
OS Command Injection in Packagist microweber/microweber before 1.2.11.
Microweber Microweber
7.5
CVSSv2
CVE-2022-2368
Authentication Bypass by Spoofing in GitHub repository microweber/microweber before 1.2.20.
Microweber Microweber
7.5
CVSSv2
CVE-2022-0895
Static Code Injection in GitHub repository microweber/microweber before 1.3.
Microweber Microweber
7.5
CVSSv2
CVE-2020-23138
An unrestricted file upload vulnerability exists in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
Microweber Microweber 1.1.18
7.5
CVSSv2
CVE-2014-9464
SQL injection vulnerability in Category.php in Microweber CMS 0.95 prior to 20141209 allows remote malicious users to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
Microweber Microweber
1 EDB exploit
7.2
CVSSv2
CVE-2020-13241
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.
Microweber Microweber 1.1.18
6.8
CVSSv2
CVE-2022-1631
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber before 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows...
Microweber Microweber
6.8
CVSSv2
CVE-2022-0896
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber before 1.3.
Microweber Microweber
6.8
CVSSv2
CVE-2018-17104
An issue exists in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
Microweber Microweber 1.0.7
6.5
CVSSv2
CVE-2021-36461
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows malicious users to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
Microweber Microweber 1.1.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »