Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microweber vulnerabilities and exploits
(subscribe to this query)
802
VMScore
CVE-2022-0557
OS Command Injection in Packagist microweber/microweber before 1.2.11.
Microweber Microweber
755
VMScore
CVE-2014-9464
SQL injection vulnerability in Category.php in Microweber CMS 0.95 prior to 20141209 allows remote malicious users to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
Microweber Microweber
1 EDB exploit
668
VMScore
CVE-2022-2368
Authentication Bypass by Spoofing in GitHub repository microweber/microweber before 1.2.20.
Microweber Microweber
668
VMScore
CVE-2022-0895
Static Code Injection in GitHub repository microweber/microweber before 1.3.
Microweber Microweber
668
VMScore
CVE-2020-23138
An unrestricted file upload vulnerability exists in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
Microweber Microweber 1.1.18
641
VMScore
CVE-2020-13241
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.
Microweber Microweber 1.1.18
605
VMScore
CVE-2022-1631
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber before 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows...
Microweber Microweber
605
VMScore
CVE-2022-0896
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber before 1.3.
Microweber Microweber
605
VMScore
CVE-2018-17104
An issue exists in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
Microweber Microweber 1.0.7
578
VMScore
CVE-2021-36461
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows malicious users to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.
Microweber Microweber 1.1.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »