Lucene search
China National Vulnerability DatabaseCNVD-2022-20577HistoryMar 15, 2022 - 12:00 a.m.
Microweber remote code execution vulnerability
2022-03-1500:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
0.001 Low
EPSS
Percentile
42.3%
Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. A remote code execution vulnerability exists in versions of microweber prior to 1.2.12, which stems from the fact that administrators can use the Backup module to upload malicious PHP files, which can be exploited by attackers to cause remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| microweber microweber | lt | 1.2.12 |
Related
osv
osv
CVE-2022-0921
2022-03-11 18:15:29
Unrestricted Upload of File with Dangerous Type in Microweber
2022-03-12 00:00:30
veracode
veracode
Remote Code Execution (RCE)
2022-03-14 10:28:03
nvd
nvd
CVE-2022-0921
2022-03-11 18:15:29
huntr
huntr
Abusing Backup/Restore feature to achieve Remote Code Execution
2022-03-09 18:14:16
prion
prion
Design/Logic Flaw
2022-03-11 18:15:00
cve
cve
CVE-2022-0921
2022-03-11 18:15:29
cvelist
cvelist
github
github
Unrestricted Upload of File with Dangerous Type in Microweber
2022-03-12 00:00:30