Lucene search
+L

1377 matches found

Prion
Prion
added 2021/02/15 8:15 p.m.26 views

Directory traversal

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...

6.5CVSS7.4AI score0.16611EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2021/02/15 7:51 p.m.44 views

CVE-2020-28337

A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...

7.4AI score0.16611EPSS
Exploits4References4
CVE
CVE
added 2021/02/15 7:51 p.m.123 views

CVE-2020-28337

CVE-2020-28337 affects Microweber up to version 1.1.20, due to a directory traversal flaw in the Utils/Unzip module. An authenticated administrative user can upload a malicious ZIP containing relative paths (for example ../../), place it in the backup directory, and trigger a restore to achieve r...

7.2CVSS7.3AI score0.16611EPSS
Exploits4References4Affected Software1
CNNVD
CNNVD
added 2021/02/15 12:0 a.m.8 views

Microweber Path Traversal Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A path traversal vulnerability exists in Microweber that arises from a failure of a...

7.2CVSS7.1AI score0.16611EPSS
Exploits4References7
CNVD
CNVD
added 2020/11/10 12:0 a.m.7 views

Microweber Local Session Hijacking Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A local session hijacking vulnerability exists in Microweber. An attacker could use this...

5.5CVSS6.8AI score0.00306EPSS
Exploits0References1
CNVD
CNVD
added 2020/11/10 12:0 a.m.4 views

Microweber Session Expires After Logout Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. Microweber has a security vulnerability. No details of the vulnerability are provided at...

5.5CVSS6.9AI score0.0032EPSS
Exploits0References1
CNVD
CNVD
added 2020/11/10 12:0 a.m.4 views

Microweber Session Expires Improperly Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber. An attacker can exploit the vulnerability...

8.1CVSS6.9AI score0.01018EPSS
Exploits0References1
NVD
NVD
added 2020/11/09 6:15 p.m.17 views

CVE-2020-23139

Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise...

5.5CVSS5.5AI score0.00306EPSS
Exploits0References1
NVD
NVD
added 2020/11/09 6:15 p.m.17 views

CVE-2020-23136

Microweber v1.1.18 is affected by no session expiry after log-out...

5.5CVSS5.6AI score0.0032EPSS
Exploits0References1
OSV
OSV
added 2020/11/09 6:15 p.m.4 views

CVE-2020-23138

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension eg- .exe to the web server by providing image data and the image/jpeg content type with a .php extension...

9.8CVSS7.4AI score0.01299EPSS
Exploits0References2
NVD
NVD
added 2020/11/09 6:15 p.m.24 views

CVE-2020-23140

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active...

8.1CVSS8.1AI score0.01018EPSS
Exploits0References1
OSV
OSV
added 2020/11/09 6:15 p.m.6 views

CVE-2020-23136

Microweber v1.1.18 is affected by no session expiry after log-out...

5.5CVSS6.1AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2020/11/09 6:15 p.m.6 views

CVE-2020-23139

Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise...

5.5CVSS6.1AI score0.00306EPSS
Exploits0References1
OSV
OSV
added 2020/11/09 6:15 p.m.5 views

CVE-2020-23140

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active...

8.1CVSS7.3AI score0.01018EPSS
Exploits0References1
Prion
Prion
added 2020/11/09 6:15 p.m.17 views

Design/Logic Flaw

Microweber v1.1.18 is affected by no session expiry after log-out...

2.1CVSS5.5AI score0.0032EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/11/09 6:15 p.m.16 views

Authentication flaw

Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise...

2.1CVSS5.5AI score0.00306EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/09 6:15 p.m.19 views

Session fixation

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active...

5.8CVSS8AI score0.01018EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/09 6:15 p.m.17 views

Unrestricted file upload

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension eg- .exe to the web server by providing image data and the image/jpeg content type with a .php extension...

7.5CVSS9.4AI score0.01299EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/11/09 5:3 p.m.52 views

CVE-2020-23140

CVE-2020-23140 affects Microweber 1.1.18 with insufficient session expiration. According to the connected documents, when a user changes password (and email), the existing sessions on other browsers/devices do not expire and remain active, enabling potential reuse of valid sessions across devices...

8.1CVSS8AI score0.01018EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/09 5:3 p.m.25 views

CVE-2020-23140

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active...

8.1AI score0.01018EPSS
Exploits0References1
Rows per page
Query Builder