Lucene search

Veracode Vulnerability DatabaseVERACODE:44614

HistoryDec 08, 2023 - 4:54 p.m.

Information Disclosure

2023-12-0816:54:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

microweber

vulnerability

information disclosure

file upload

zip file

error

sensitive system information

software

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

microweber/microweber is vulnerable to Information Disclosure. The vulnerability exists due the file upload functionality, which allows an attacker to upload a ZIP file, which will result in an error containing sensitive system information.

CPENameOperatorVersion
microweber/microweberle2.0.0.x-dev
microweber/microweberle2.0.0.x-dev

CPE	Name	Operator	Version
	microweber/microweber	le	2.0.0.x-dev
	microweber/microweber	le	2.0.0.x-dev

References

github.com/advisories/GHSA-9r6p-hg4g-5gxp

github.com/microweber/microweber/commit/f7eb9e1c6e801346f07f3b0164a01ac5f2ca5cfd

huntr.com/bounties/6198785c-bf60-422e-9b80-68a6e658a10e

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for VERACODE:44614