Lucene search
GoogleOSV:GHSA-582P-2FPG-X226HistoryApr 05, 2023 - 6:30 p.m.
Microweber vulnerable to command injection
2023-04-0518:30:18
Google
osv.dev
8
microweber
vulnerable
command injection
server-side template
arbitrary code execution
software security
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
51.5%
microweber/microweber prior to 1.3.3 is vulnerable to command injection in the “first name” field. This allows for server-side template injection, which can lead to arbitrary code execution.
Related
huntr
huntr
RCE by Server Side Template Injection
2023-02-09 23:29:31
prion
prion
Command injection
2023-04-05 17:15:00
osv
osv
CVE-2023-1877
2023-04-05 17:15:06
cvelist
cvelist
CVE-2023-1877 Command Injection in microweber/microweber
2023-04-05 00:00:00
cve
cve
CVE-2023-1877
2023-04-05 17:15:06
veracode
veracode
Command Injection
2023-04-26 06:02:55
github
github
Microweber vulnerable to command injection
2023-04-05 18:30:18
nvd
nvd
CVE-2023-1877
2023-04-05 17:15:06
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
51.5%
Related for OSV:GHSA-582P-2FPG-X226