1377 matches found
Directory traversal
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...
CVE-2020-28337
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...
CVE-2020-28337
CVE-2020-28337 affects Microweber up to version 1.1.20, due to a directory traversal flaw in the Utils/Unzip module. An authenticated administrative user can upload a malicious ZIP containing relative paths (for example ../../), place it in the backup directory, and trigger a restore to achieve r...
Microweber Path Traversal Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A path traversal vulnerability exists in Microweber that arises from a failure of a...
Microweber Local Session Hijacking Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A local session hijacking vulnerability exists in Microweber. An attacker could use this...
Microweber Session Expires After Logout Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. Microweber has a security vulnerability. No details of the vulnerability are provided at...
Microweber Session Expires Improperly Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber. An attacker can exploit the vulnerability...
CVE-2020-23139
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise...
CVE-2020-23136
Microweber v1.1.18 is affected by no session expiry after log-out...
CVE-2020-23138
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension eg- .exe to the web server by providing image data and the image/jpeg content type with a .php extension...
CVE-2020-23140
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active...
CVE-2020-23136
Microweber v1.1.18 is affected by no session expiry after log-out...
CVE-2020-23139
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise...
CVE-2020-23140
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active...
Design/Logic Flaw
Microweber v1.1.18 is affected by no session expiry after log-out...
Authentication flaw
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise...
Session fixation
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active...
Unrestricted file upload
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension eg- .exe to the web server by providing image data and the image/jpeg content type with a .php extension...
CVE-2020-23140
CVE-2020-23140 affects Microweber 1.1.18 with insufficient session expiration. According to the connected documents, when a user changes password (and email), the existing sessions on other browsers/devices do not expire and remain active, enabling potential reuse of valid sessions across devices...
CVE-2020-23140
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active...