Vulnerabilities > Microweber > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-08 | CVE-2023-48122 | Unspecified vulnerability in Microweber 2.0.1/2.0.2/2.0.3 An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method. | 7.5 |
| 2023-11-30 | CVE-2023-49052 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 2.0.4 File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. | 8.8 |
| 2023-09-30 | CVE-2023-5318 | Use of Hard-coded Credentials vulnerability in Microweber Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | 7.5 |
| 2023-04-22 | CVE-2023-2240 | Improper Privilege Management vulnerability in Microweber Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4. | 8.8 |
| 2022-11-22 | CVE-2022-33012 | Injection vulnerability in Microweber 1.2.15 Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. | 8.8 |
| 2022-05-09 | CVE-2022-1631 | Incorrect Authorization vulnerability in Microweber Users Account Pre-Takeover or Users Account Takeover. | 8.8 |
| 2022-01-20 | CVE-2022-0282 | Cross-site Scripting vulnerability in Microweber Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11. | 7.5 |
| 2020-11-09 | CVE-2020-23138 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. | 7.5 |
| 2020-05-20 | CVE-2020-13241 | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.18 Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | 7.2 |
| 2015-01-03 | CVE-2014-9464 | SQL Injection vulnerability in Microweber SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. | 7.5 |