Lucene search
China National Vulnerability DatabaseCNVD-2023-98203HistoryDec 04, 2023 - 12:00 a.m.
Microweber File Upload Vulnerability (CNVD-2023-9820348)
2023-12-0400:00:00
China National Vulnerability Database
www.cnvd.org.cn
3
microweber
file upload
vulnerability
remote code execution
version 2.0.4
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A file upload vulnerability exists in Microweber version v.2.0.4, which stems from the application’s lack of validation of uploaded files. The vulnerability can be exploited by a remote attacker to execute arbitrary code via the file upload function in the created forms component using a crafted script.
| CPE | Name | Operator | Version |
|---|---|---|---|
| microweber microweber v. | eq | 2.0.4 |
Related
cve
cve
CVE-2023-49052
2023-11-30 07:15:08
cvelist
cvelist
CVE-2023-49052
2023-11-30 00:00:00
github
github
Microweber file upload vulnerability
2023-11-30 09:30:31
osv
osv
Microweber file upload vulnerability
2023-11-30 09:30:31
CVE-2023-49052
2023-11-30 07:15:08
prion
prion
Unrestricted file upload
2023-11-30 07:15:00
veracode
veracode
Unrestricted File Upload
2023-12-01 07:06:53
nvd
nvd
CVE-2023-49052
2023-11-30 07:15:08