VYPR
Vendor: Microweber

Products: 1
CVEs: 108
Across products: 108
Status: Private

Recent CVEs

  • CVE-2020-23138 (Critical), Nov 9, 2020
    risk 0.64, CVSS 9.8, EPSS 0.01

    An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (e.g., .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.

  • CVE-2023-49052 (High), Nov 30, 2023
    risk 0.57, CVSS 8.8, EPSS 0.02

    File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.

  • CVE-2023-1877 (Critical), Apr 5, 2023
    risk 0.57, CVSS 9.8, EPSS 0.02

    Command Injection in GitHub repository microweber/microweber prior to 1.3.3.

  • CVE-2022-33012 (High), Nov 22, 2022
    risk 0.57, CVSS 8.8, EPSS 0.01

    Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.

  • CVE-2021-36461 (High), Jul 15, 2022
    risk 0.57, CVSS 8.8, EPSS 0.01

    An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to get a shell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.

  • CVE-2022-0895 (Critical), Mar 10, 2022
    risk 0.57, CVSS 9.8, EPSS 0.02

    Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-1631 (High), May 9, 2022
    risk 0.54, CVSS 8.8, EPSS 0.09

    Users Account Pre-Takeover or Users Account Takeover in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows…

  • CVE-2020-23140 (High), Nov 9, 2020
    risk 0.53, CVSS 8.1, EPSS 0.01

    Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.

  • CVE-2023-2240 (High), Apr 22, 2023
    risk 0.50, CVSS 8.8, EPSS 0.01

    Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.

  • CVE-2022-0896 (High), Mar 9, 2022
    risk 0.50, CVSS 8.8, EPSS 0.01

    Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2023-48122 (High), Dec 8, 2023
    risk 0.49, CVSS 7.5, EPSS 0.01

    An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.

  • CVE-2026-12198 (High), Jun 15, 2026
    risk 0.47, CVSS 7.3, EPSS 0.01

    A weakness has been identified in Microweber up to 2.0.20. This affects the function userfiles_path of the file /api_nosession/thumbnail_img of the component API Endpoint. Executing a manipulation of the argument cache_path_relative can lead to path traversal. It is possible to…

  • CVE-2022-0666 (High), Feb 18, 2022
    risk 0.45, CVSS 7.5, EPSS 0.44

    CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2022-4732 (High), Dec 27, 2022
    risk 0.43, CVSS 7.2, EPSS 0.38

    Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

  • CVE-2022-0281 (High), Jan 20, 2022
    risk 0.43, CVSS 7.5, EPSS 0.12

    Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.

  • CVE-2023-5318 (High), Sep 30, 2023
    risk 0.42, CVSS 7.5, EPSS 0.01

    Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2022-1036 (High), Mar 22, 2022
    risk 0.42, CVSS 7.5, EPSS 0.01

    Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.

  • CVE-2022-0913 (High), Mar 11, 2022
    risk 0.42, CVSS 7.5, EPSS 0.01

    Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-0777 (High), Mar 1, 2022
    risk 0.42, CVSS 7.5, EPSS 0.01

    Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.

  • CVE-2022-0660 (High), Feb 18, 2022
    risk 0.42, CVSS 7.5, EPSS 0.07

    Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.