microweber/microweber is vulnerable to authentication bypass. The vulnerability exists in auth.php
because the password reset is not handled properly which allows an attacker to send unlimited email to any mail address.
CPE | Name | Operator | Version |
---|---|---|---|
microweber/microweber | le | v1.2.11 | |
microweber/microweber | le | 1.2.12.x-dev |