Integer Overflow in microweber

🗓️ 16 Mar 2022 00:00:46Reported by GitHub Advisory DatabaseType

Integer Overflow in Microweber. Allows large characters in "first & last name" input, leading to DoS via crafted HTTP request. Limit input to 50-100 characters

Reporter	Title	Published	Views	Family All 13
Huntr	The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber	14 Mar 202215:08	–	huntr
ATTACKERKB	CVE-2022-0968	15 Mar 202216:15	–	attackerkb
CNNVD	Microweber 输入验证错误漏洞	15 Mar 202200:00	–	cnnvd
CVE	CVE-2022-0968	15 Mar 202215:40	–	cve
Cvelist	CVE-2022-0968 The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in microweber/microweber	15 Mar 202215:40	–	cvelist
EUVD	EUVD-2022-1321	3 Oct 202520:07	–	euvd
Nuclei	Microweber <1.2.12 - Integer Overflow	23 Jun 202605:08	–	nuclei
NVD	CVE-2022-0968	15 Mar 202216:15	–	nvd
OSV	CVE-2022-0968 The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in microweber/microweber	15 Mar 202215:40	–	osv
OSV	GHSA-5FXV-XX5P-G2FV Integer Overflow in microweber	16 Mar 202200:00	–	osv

Vulners

Node

microweber microweberRange≤1.2.11composer

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-0968
github	www.github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e
huntr	www.huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e
github	www.github.com/advisories/GHSA-5fxv-xx5p-g2fv

27 Jan 2023 05:00Current

3.8Low risk

Vulners AI Score3.8

CVSS 24

CVSS 3.15.5

CVSS 37.2

EPSS0.03731

CWE-190