microweber is vulnerable to OS command injection. The vulnerability exists due to a default fall through in a switch case for php version 6 to 12, allowing an attacker to injection maliciously crafted command via the plupload
function.
packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html
github.com/microweber/microweber/commit/07e92499a0adb7364b2c745232e248049529b6b9
github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632
huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8
www.exploit-db.com/exploits/50768