microweber/microweber is susceptible to a cross-site request forgery (CSRF) attack. It allows the attacker to add an administrative account via the api/save_user
url by misleading an admin user to click on the malicious link.
CPE | Name | Operator | Version |
---|---|---|---|
microweber/microweber | le | 1.1.0.x-dev |