File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to...
4.8CVSS
4.8AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to...
4.8CVSS
4.8AI Score
0.001EPSS
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to...
6.7CVSS
6.7AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
5.4CVSS
5.2AI Score
0.001EPSS
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to...
7.5CVSS
7.5AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to...
4.8CVSS
5AI Score
0.001EPSS
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to...
4.8CVSS
4.8AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.002EPSS
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to...
8.8CVSS
8.6AI Score
0.003EPSS
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to...
6.1CVSS
6.2AI Score
0.001EPSS
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to...
7.5CVSS
7.5AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...
5.4CVSS
5.2AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to...
4.8CVSS
4.8AI Score
0.001EPSS
5.5CVSS
4.5AI Score
0.001EPSS
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to...
6.5CVSS
6.3AI Score
0.001EPSS
Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to...
6.5CVSS
6.4AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to...
5.4CVSS
5.3AI Score
0.001EPSS
4.9CVSS
4.9AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to...
6.1CVSS
5.9AI Score
0.001EPSS
Use multiple time the one-time coupon in Packagist microweber/microweber prior to...
5.3CVSS
5.1AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to...
6.1CVSS
5.9AI Score
0.001EPSS
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to...
7.5CVSS
7.5AI Score
0.029EPSS
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to...
7.5CVSS
7.3AI Score
0.006EPSS
4.3CVSS
4.6AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to...
4.3CVSS
4.5AI Score
0.001EPSS
6.1CVSS
6.1AI Score
0.001EPSS
7.2CVSS
6.9AI Score
0.041EPSS
5.4CVSS
5.1AI Score
0.001EPSS
6.5CVSS
6.4AI Score
0.001EPSS
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to...
6.5CVSS
6.2AI Score
0.001EPSS
5.4CVSS
5.1AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to...
5.4CVSS
5.1AI Score
0.001EPSS
5.4CVSS
5.1AI Score
0.001EPSS
7.5CVSS
7.2AI Score
0.001EPSS
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to...
7.5CVSS
7.3AI Score
0.004EPSS
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to...
6.5CVSS
6.3AI Score
0.001EPSS
5.4CVSS
5.1AI Score
0.001EPSS
A Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request...
6.1CVSS
6.2AI Score
0.001EPSS
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...
7.2CVSS
7.3AI Score
0.034EPSS
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (e.g., .exe) to the web server by providing image data and the image/jpeg content type with a .php...
9.8CVSS
9.5AI Score
0.002EPSS
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system...
5.5CVSS
5.5AI Score
0.0004EPSS
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains...
8.1CVSS
8AI Score
0.002EPSS
5.5CVSS
5.5AI Score
0.0004EPSS
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST...
7.5CVSS
7.3AI Score
0.01EPSS
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image...
7.8CVSS
7.5AI Score
0.001EPSS
6.1CVSS
6.1AI Score
0.024EPSS
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via...
8.8CVSS
8.7AI Score
0.005EPSS
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file...
6.8AI Score
0.004EPSS