Lucene search
Veracode Vulnerability DatabaseVERACODE:34196HistoryFeb 14, 2022 - 8:02 a.m.
OS Command Injection
2022-02-1408:02:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
microweber
command injection
php version 6-12
EPSS
0.041
Percentile
92.2%
microweber is vulnerable to OS command injection. The vulnerability exists due to a default fall through in a switch case for php version 6 to 12, allowing an attacker to injection maliciously crafted command via the plupload function.
References
packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html
github.com/microweber/microweber/commit/07e92499a0adb7364b2c745232e248049529b6b9
github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632
huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8
www.exploit-db.com/exploits/50768
Related
github
github
OS Command Injection in Microweber
2022-02-12 00:00:49
nvd
nvd
CVE-2022-0557
2022-02-11 09:15:06
cvelist
cvelist
CVE-2022-0557 OS Command Injection in microweber/microweber
2022-02-11 08:45:10
cve
cve
CVE-2022-0557
2022-02-11 09:15:06
osv
osv
CVE-2022-0557
2022-02-11 09:15:06
OS Command Injection in Microweber
2022-02-12 00:00:49
cnvd
cnvd
Microweber command injection vulnerability
2022-02-15 00:00:00
exploitdb
exploitdb
Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
2022-02-21 00:00:00
prion
prion
Command injection
2022-02-11 09:15:00
huntr
huntr
OS Command Injection in microweber/microweber
2022-02-05 15:03:29
zdt
zdt
Microweber 1.2.11 - Remote Code Execution (Authenticated) Vulnerability
2022-02-21 00:00:00
packetstorm
packetstorm
Microweber 1.2.11 Shell Upload
2022-02-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Packagist Microweber Arbitrary File Upload (CVE-2022-0557)
2022-11-27 00:00:00