Vulnerabilities > Microweber > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2022-03-09 | CVE-2022-0896 | Code Injection vulnerability in Microweber | Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. | network | low complexity | microweber CWE-94 | 8.8 |
| 2022-03-01 | CVE-2022-0777 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Microweber | Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. | network | low complexity | microweber CWE-640 | 7.5 |
| 2022-02-18 | CVE-2022-0666 | Unspecified vulnerability in Microweber | CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. | network | low complexity | microweber | 7.5 |
| 2022-02-18 | CVE-2022-0660 | Unspecified vulnerability in Microweber | Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | network | low complexity | microweber | 7.5 |
| 2022-02-11 | CVE-2022-0557 | OS Command Injection vulnerability in Microweber | OS Command Injection in Packagist microweber/microweber prior to 1.2.11. | network | low complexity | microweber CWE-78 | 7.2 |
| 2022-01-20 | CVE-2022-0282 | Unspecified vulnerability in Microweber | Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11. | network | low complexity | microweber | 7.5 |
| 2022-01-20 | CVE-2022-0281 | Unspecified vulnerability in Microweber | Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11. | network | low complexity | microweber | 7.5 |
| 2021-02-15 | CVE-2020-28337 | Path Traversal vulnerability in Microweber | A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. | network | low complexity | microweber CWE-22 | 7.2 |
| 2020-11-09 | CVE-2020-23140 | Insufficient Session Expiration vulnerability in Microweber 1.1.18 | Microweber 1.1.18 is affected by insufficient session expiration. | network | low complexity | microweber CWE-613 | 8.1 |
| 2020-07-16 | CVE-2020-13405 | Missing Authentication for Critical Function vulnerability in Microweber | userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | network | low complexity | microweber CWE-306 | 7.5 |