Lucene search
China National Vulnerability DatabaseCNVD-2022-12759HistoryFeb 15, 2022 - 12:00 a.m.
Microweber command injection vulnerability
2022-02-1500:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
0.041 Low
EPSS
Percentile
92.2%
Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. A command injection vulnerability exists in Microweber, which stems from the failure of the network system or product to properly filter special characters, commands, etc. during the execution of commands entered by users in the construct. An attacker could use this vulnerability to take full control of a vulnerable system, disclose sensitive data, or perform privilege escalation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| microweber microweber | lt | 1.2.11 |
Related
cvelist
cvelist
CVE-2022-0557 OS Command Injection in microweber/microweber
2022-02-11 08:45:10
cve
cve
CVE-2022-0557
2022-02-11 09:15:06
osv
osv
OS Command Injection in Microweber
2022-02-12 00:00:49
CVE-2022-0557
2022-02-11 09:15:06
nvd
nvd
CVE-2022-0557
2022-02-11 09:15:06
github
github
OS Command Injection in Microweber
2022-02-12 00:00:49
veracode
veracode
OS Command Injection
2022-02-14 08:02:39
checkpoint_advisories
checkpoint_advisories
Packagist Microweber Arbitrary File Upload (CVE-2022-0557)
2022-11-27 00:00:00
huntr
huntr
OS Command Injection in microweber/microweber
2022-02-05 15:03:29
prion
prion
Command injection
2022-02-11 09:15:00
packetstorm
packetstorm
Microweber 1.2.11 Shell Upload
2022-02-21 00:00:00
zdt
zdt
Microweber 1.2.11 - Remote Code Execution (Authenticated) Vulnerability
2022-02-21 00:00:00
exploitdb
exploitdb
Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
2022-02-21 00:00:00