Microweber@1.1.18 Security Vulnerabilities and Issues — Microweber@1.1.18 CVE List

Lucene search

MicroweberMicroweber1.1.18

5 matches found

CVE•added 2020/11/09 6:15 p.m.•40 views

CVE-2020-23139

Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.

5.5CVSS5.5AI score0.00053EPSS

CVE•added 2020/11/09 6:15 p.m.•35 views

CVE-2020-23138

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.

9.8CVSS9.5AI score0.00433EPSS

CVE•added 2020/11/09 6:15 p.m.•32 views

CVE-2020-23140

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.

8.1CVSS8AI score0.00271EPSS

CVE•added 2020/05/20 7:15 p.m.•29 views

CVE-2020-13241

Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.

7.8CVSS7.5AI score0.00049EPSS

CVE•added 2020/11/09 6:15 p.m.•27 views

CVE-2020-23136

Microweber v1.1.18 is affected by no session expiry after log-out.

5.5CVSS5.5AI score0.00052EPSS