Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microweber vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-1877
Command Injection in GitHub repository microweber/microweber before 1.3.3.
Microweber Microweber
9.8
CVSSv3
CVE-2022-2368
Authentication Bypass by Spoofing in GitHub repository microweber/microweber before 1.2.20.
Microweber Microweber
9.8
CVSSv3
CVE-2022-0895
Static Code Injection in GitHub repository microweber/microweber before 1.3.
Microweber Microweber
9.8
CVSSv3
CVE-2020-23138
An unrestricted file upload vulnerability exists in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
Microweber Microweber 1.1.18
8.8
CVSSv3
CVE-2023-49052
File Upload vulnerability in Microweber v.2.0.4 allows a remote malicious user to execute arbitrary code via a crafted script to the file upload function in the created forms component.
Microweber Microweber 2.0.4
1 Github repository
8.8
CVSSv3
CVE-2023-2240
Improper Privilege Management in GitHub repository microweber/microweber before 1.3.4.
Microweber Microweber
8.8
CVSSv3
CVE-2022-33012
Microweber v1.2.15 exists to allow malicious users to perform an account takeover via a host header injection attack.
Microweber Microweber 1.2.15
8.8
CVSSv3
CVE-2021-36461
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows malicious users to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
Microweber Microweber 1.1.3
8.8
CVSSv3
CVE-2022-1631
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber before 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows...
Microweber Microweber
8.8
CVSSv3
CVE-2022-0896
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber before 1.3.
Microweber Microweber
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »