Vulnerabilities > Microweber
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-09 | CVE-2020-23139 | Improper Authentication vulnerability in Microweber 1.1.18 Microweber 1.1.18 is affected by broken authentication and session management. | 2.1 |
| 2020-11-09 | CVE-2020-23138 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. | 7.5 |
| 2020-11-09 | CVE-2020-23136 | Insufficient Session Expiration vulnerability in Microweber 1.1.18 Microweber v1.1.18 is affected by no session expiry after log-out. | 2.1 |
| 2020-07-16 | CVE-2020-13405 | Information Exposure vulnerability in Microweber userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | 5.0 |
| 2020-05-20 | CVE-2020-13241 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | 7.2 |
| 2019-03-21 | CVE-2018-19917 | Cross-site Scripting vulnerability in Microweber 1.0.8 Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | 4.3 |
| 2018-12-20 | CVE-2018-1000826 | Cross-site Scripting vulnerability in Microweber Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. | 4.3 |
| 2018-09-16 | CVE-2018-17104 | Cross-Site Request Forgery (CSRF) vulnerability in Microweber 1.0.7 An issue was discovered in Microweber 1.0.7. | 6.8 |
| 2015-01-03 | CVE-2014-9464 | SQL Injection vulnerability in Microweber SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. | 7.5 |
| 2014-05-12 | CVE-2013-5984 | Path Traversal vulnerability in Microweber 0.8 Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. | 6.4 |