
Microweber CMS 1.2.15 - Account Takeover Vulnerability

03 Jun 2022 | Reported by Manojkumar J | Type: zdt | Source: 0day.today

Microweber CMS 1.2.15 OAuth Misconfiguration Account Takeover

Related

Reporter | Title | Published | Family
Huntr | Users Account Pre-Takeover or Users Account Takeover. | 5 May 2022 23:57 | huntr
Huntr | Account Takeover and Persistence due to the Oauth Misconfiguration | 12 Feb 2023 13:07 | huntr
ATTACKERKB | CVE-2022-1631 | 9 May 2022 14:15 | attackerkb
Circl | CVE-2022-1631 | 9 May 2022 18:36 | circl
CNNVD | Microweber Security Vulnerability | 9 May 2022 00:00 | cnnvd
CVE | CVE-2022-1631 | 9 May 2022 14:10 | cve
Cvelist | CVE-2022-1631 Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber | 9 May 2022 14:10 | cvelist
Exploit DB | Microweber CMS 1.2.15 - Account Takeover | 3 Jun 2022 00:00 | exploitdb
EUVD | EUVD-2022-2903 | 3 Oct 2025 20:07 | euvd
Github Security Blog | Incorrect Authorization in microweber | 10 May 2022 00:00 | github

# Exploit Title: Microweber CMS 1.2.15 - Account Takeover
# Exploit Author: Manojkumar J
# Vendor Homepage: https://github.com/microweber/microweber
# Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15
# Version: <=1.2.15
# Tested on: Windows10
# CVE : CVE-2022-1631

# Description:

In Microweber Drag and Drop Website Builder E-commerce CMS v1.2.15, an
OAuth misconfiguration leads to account takeover.

# Steps to exploit:

1. Create an account with the victim's email address.

Register endpoint: https://target-website.com/register#

2. When the victim later logs in through one of the default OAuth providers
(Google, GitHub, Microsoft, Twitter, LinkedIn, Telegram, Facebook, etc.)
using the same e-mail address as the account created in step 1, the
attacker can take over the victim's account with the login credentials set
when that account was created.
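
The account-linking behaviour these steps imply, shown beside a hardened variant, as an added example in Python. It is not code from the original advisory or from Microweber: every function and field name is hypothetical, the e-mail address and password are constructed sample values, and the hardened branch is one common mitigation, not the project's actual fix.

```python
# Hypothetical model of OAuth login that links accounts by e-mail address.
import hashlib, hmac, os
from dataclasses import dataclass, field

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

@dataclass
class Account:
    email: str
    salt: bytes = b""
    pw_hash: bytes = b""          # empty: no local password is set
    email_verified: bool = False  # True once mailbox control is proven
    oauth_ids: set = field(default_factory=set)

def register(accounts, email, password):
    """Local sign-up; the address is not verified at this point."""
    salt = os.urandom(16)
    accounts[email] = Account(email, salt, _kdf(password, salt))

def password_login(accounts, email, password):
    acct = accounts.get(email)
    if acct is None or not acct.pw_hash:
        return False
    return hmac.compare_digest(acct.pw_hash, _kdf(password, acct.salt))

def oauth_login_weak(accounts, provider, subject, email):
    """Weak: attaches the provider identity to whatever account holds the e-mail."""
    acct = accounts.setdefault(email, Account(email, email_verified=True))
    acct.oauth_ids.add((provider, subject))
    return acct

def oauth_login_hardened(accounts, provider, subject, email, idp_email_verified):
    """Hardened: link only on a provider-verified e-mail; drop unproven passwords."""
    if not idp_email_verified:
        raise PermissionError("provider did not assert a verified e-mail")
    acct = accounts.setdefault(email, Account(email, email_verified=True))
    if not acct.email_verified:
        acct.salt, acct.pw_hash = b"", b""  # password set before verification
        acct.email_verified = True
    acct.oauth_ids.add((provider, subject))
    return acct

def replay(oauth_login, **extra):
    """Constructed scenario from the steps above; True if the old password still works."""
    accounts = {}
    register(accounts, "owner@example.test", "set-by-someone-else")
    oauth_login(accounts, "google", "sub-123", "owner@example.test", **extra)
    return password_login(accounts, "owner@example.test", "set-by-someone-else")
```

`replay(oauth_login_weak)` returns `True` and `replay(oauth_login_hardened, idp_email_verified=True)` returns `False`. In a real application the hardened branch would also revoke sessions, API tokens and recovery settings created before the address was verified.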
