Vulnerabilities > Microweber > Microweber > 0.9.346
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-16 | CVE-2020-13405 | Information Exposure vulnerability in Microweber userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | 5.0 |
2018-12-20 | CVE-2018-1000826 | Cross-site Scripting vulnerability in Microweber Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. | 4.3 |
2015-01-03 | CVE-2014-9464 | SQL Injection vulnerability in Microweber SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. | 7.5 |