
Microweber CMS 1.2.15 Account Takeover

Published: 03 Jun 2022 00:00:00
Reported by: Manojkumar J
Type: packetstorm
Source: packetstormsecurity.com

Microweber CMS 1.2.15 E-commerce Account Takeover via OAuth Misconfiguration

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | Microweber CMS 1.2.15 - Account Takeover Vulnerability | 3 Jun 2022 00:00 | zdt |
| Huntr | Users Account Pre-Takeover or Users Account Takeover. | 5 May 2022 23:57 | huntr |
| Huntr | Account Takeover and Persistence due to the Oauth Misconfiguration | 12 Feb 2023 13:07 | huntr |
| ATTACKERKB | CVE-2022-1631 | 9 May 2022 14:15 | attackerkb |
| Circl | CVE-2022-1631 | 9 May 2022 18:36 | circl |
| CNNVD | Microweber security vulnerability | 9 May 2022 00:00 | cnnvd |
| CVE | CVE-2022-1631 | 9 May 2022 14:10 | cve |
| Cvelist | CVE-2022-1631 Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber | 9 May 2022 14:10 | cvelist |
| Exploit DB | Microweber CMS 1.2.15 - Account Takeover | 3 Jun 2022 00:00 | exploitdb |
| EUVD | EUVD-2022-2903 | 3 Oct 2025 20:07 | euvd |
`# Exploit Title: Microweber CMS 1.2.15 - Account Takeover  
# Date: 2022-05-09  
# Exploit Author: Manojkumar J  
# Vendor Homepage: https://github.com/microweber/microweber  
# Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15  
# Version: <=1.2.15  
# Tested on: Windows10  
# CVE : CVE-2022-1631  
  
# Description:  
  
Microweber Drag and Drop Website Builder E-commerce CMS v1.2.15 Oauth  
Misconfiguration Leads To Account Takeover.  
  
# Steps to exploit:  
  
1. Create an account with the victim's email address.  
  
Register endpoint: https://target-website.com/register#  
  
2. When the victim later logs in through one of the default OAuth providers  
(Google, GitHub, Microsoft, Twitter, LinkedIn, Telegram, Facebook, etc.; OAuth  
login) using the same e-mail address the account was created with, we can take  
over the victim's account with the recently created login credentials.  
  
`
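
The steps above succeed when a social login is attached to an existing account on e-mail match alone, although whoever registered that account never proved ownership of the address. The following is an added example, not Microweber's code and not part of the advisory: an in-memory model with hypothetical names and constructed values, assuming that linking rule is the root cause, shown beside a hardened rule.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Account:
    email: str
    password_hash: Optional[str] = None  # set by local registration
    email_verified: bool = False         # True once mailbox ownership is proven
    oauth_ids: set = field(default_factory=set)


class LinkRefused(Exception):
    """The OAuth identity must not be attached to an account."""


def register_local(db, email, password_hash):
    # Local sign-up: nothing yet proves the registrant controls the mailbox.
    db[email.lower()] = Account(email.lower(), password_hash)
    return db[email.lower()]


def oauth_login_weak(db, provider_id, email):
    # Weak rule: an e-mail match alone attaches the login to the existing
    # account, so a password set by an earlier registrant keeps working.
    acct = db.setdefault(email.lower(), Account(email.lower(), email_verified=True))
    acct.oauth_ids.add(provider_id)
    return acct


def oauth_login_hardened(db, provider_id, email, provider_email_verified):
    if not provider_email_verified:
        raise LinkRefused("provider did not assert a verified e-mail")
    acct = db.setdefault(email.lower(), Account(email.lower(), email_verified=True))
    if not acct.email_verified:
        # Account was pre-registered without proof of ownership: discard the
        # untrusted password (a real app would also revoke its sessions).
        acct.password_hash = None
        acct.email_verified = True
    acct.oauth_ids.add(provider_id)
    return acct


def password_still_valid(db, email, password_hash):
    acct = db.get(email.lower())
    return acct is not None and acct.password_hash == password_hash
```

Requiring e-mail confirmation before a locally registered account becomes usable closes the same gap from the registration side.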


Vulners AI Score: 7.7 (High risk)
CVSS 2: 6.8
CVSS 3.1: 8.8
CVSS 3: 6.8
EPSS: 0.11741