1377 matches found
CVE-2014-9464
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parentid variable...
CVE-2014-9464
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parentid variable...
CVE-2014-9464
CVE-2014-9464 describes a SQL injection in Microweber CMS 0.95 (before 20141209) via the category parameter in Category.php, related to the $parent_id variable. The root cause is unsafe SQL construction in get_children, enabling remote attackers to execute arbitrary SQL commands. Public disclosur...
Microweber 0.905 - Error Based SQL Injection
No description provided by source. =============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | |...
Microweber CMS 0.93 - CSRF Vulnerability
No description provided by source. Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where attacker can u...
CVE-2013-5984
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. dot dot in the file parameter...
CVE-2013-5984
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. dot dot in the file parameter...
CVE-2013-5984
Microweber is vulnerable to CVE-2013-5984 due to improper access control in /userfiles/modules/admin/backup/delete.php. An unauthenticated remote attacker can delete arbitrary files by manipulating the file parameter (directory traversal). The advisory notes that this can lead to system compromis...
Microweber CMS 0.93 - CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC...
Microweber CMS 0.93 - Cross-Site Request Forgery
Microweber CMS 0.93 - Cross-Site Request Forgery Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where...
Microweber CMS 0.93 - Cross-Site Request Forgery
Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where attacker can use this vulnerability to create new...
Remote Code Execution in Microweber
Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...
Microweber 0.905 - Error-Based SQL Injection
Microweber 0.905 - Error-Based SQL Injection =============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | |...
Microweber 0.905 - Error-Based SQL Injection
=============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | | =============================================================================== TITLE ===== Microweber...
Microweber 0.905 SQL Injection
=============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | | =============================================================================== TITLE ===== Microweber...
Microweber 0.8 Arbitrary File Deletion
Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...
Remote Code Execution in Microweber
High-Tech Bridge Security Research Lab discovered vulnerability in Microweber, which can be exploited to delete arbitrary files and compromise vulnerable system as a consequence. 1 Improper Access Control in Microweber: CVE-2013-5984 Vulnerability exists due to improper access restriction to...