EPSS
Percentile
41.3%
microweber/microweber is vulnerable to unrestricted file upload. The sanitization filter bypass in plupload.php allows a remote authenticated attacker to upload files outside the intended locations.
plupload.php
github.com/microweber/microweber/commit/0d279ac81052ce7ee97c18c811a9b8e912189da0
huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa
huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa/