Lucene search
Chetanya Sharma1337DAY-ID-37393HistoryFeb 21, 2022 - 12:00 a.m.
Microweber 1.2.11 - Remote Code Execution (Authenticated) Vulnerability
2022-02-2100:00:00
Chetanya Sharma
0day.today
198
remote code execution
authenticated
vulnerability
microweber 1.2.11
user section
php image file
crafted file
cve-2022-0557
EPSS
0.041
Percentile
92.2%
# Exploit Title: Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
# Google Dork: NA
# Exploit Author: Chetanya Sharma @AggressiveUser
# Vendor Homepage: https://microweber.org/
# Software Link: https://github.com/microweber/microweber
# Version: 1.2.11
# Tested on: [KALI OS]
# CVE : CVE-2022-0557
# Reference : https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8/
# Step To Reproduce
- Login using Admin Creds.
- Navigate to User Section then Add/Modify Users
- Change/Add image of profile and Select a Crafted Image file
- Crafted image file Aka A image file which craft with PHP CODES for execution
- File Extension of Crafted File is PHP7 like "Sample.php7"
- Path of Uploaded Crafted SHELL https://localhost/userfiles/media/default/shell.php7
Related
github
github
OS Command Injection in Microweber
2022-02-12 00:00:49
nvd
nvd
CVE-2022-0557
2022-02-11 09:15:06
cvelist
cvelist
CVE-2022-0557 OS Command Injection in microweber/microweber
2022-02-11 08:45:10
cve
cve
CVE-2022-0557
2022-02-11 09:15:06
cnvd
cnvd
Microweber command injection vulnerability
2022-02-15 00:00:00
osv
osv
CVE-2022-0557
2022-02-11 09:15:06
OS Command Injection in Microweber
2022-02-12 00:00:49
exploitdb
exploitdb
Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
2022-02-21 00:00:00
prion
prion
Command injection
2022-02-11 09:15:00
huntr
huntr
OS Command Injection in microweber/microweber
2022-02-05 15:03:29
packetstorm
packetstorm
Microweber 1.2.11 Shell Upload
2022-02-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Packagist Microweber Arbitrary File Upload (CVE-2022-0557)
2022-11-27 00:00:00
veracode
veracode
OS Command Injection
2022-02-14 08:02:39