5 matches found
Microweber CMS 1.2.15 Account Takeover
Exploit Title: Microweber CMS 1.2.15 - Account Takeover Date: 2022-05-09 Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631...
Microweber CMS 1.2.15 - Account Takeover Vulnerability
Exploit Title: Microweber CMS 1.2.15 - Account Takeover Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631 Description:...
CVE-2022-1631
creationtimestamp| type| source ---|---|--- 2022-05-09 18:36:24+00:00| seen| https://t.me/cibsecurity/42177...
CVE-2022-1631 Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...
CVE-2022-1631
The CVE-2022-1631 issue affects microweber/microweber before v1.2.15, described across multiple sources as an OAuth misconfiguration that enables account takeover. The root cause is the lack of email confirmation and insufficient validation of emails from social login providers, allowing an attac...