CVE-2022-0666

7.5 HIGH

📋 TL;DR

This CVE describes a CRLF injection vulnerability in Microweber CMS that allows attackers to inject carriage return and line feed characters into HTTP headers. This can lead to stack trace exposure, potentially revealing sensitive system information. Users running Microweber versions prior to 1.2.11 are affected.

💻 Affected Systems

Products:
  • Microweber CMS
Versions: All versions prior to 1.2.11
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the demo site at https://demo.microweber.org/ but likely affects all installations with similar configurations.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could expose sensitive stack trace information containing system paths, configuration details, or internal error messages that could aid further attacks.

🟠 Likely Case

Information disclosure through exposed stack traces revealing internal application structure and potential debugging information.

🟢 If Mitigated

Minimal impact with proper input validation and error handling preventing information leakage.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CRLF injection vulnerabilities are well-understood and easy to exploit with basic web testing tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.11

Vendor Advisory: https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128

Restart Required: No

Instructions:

1. Update Microweber to version 1.2.11 or later.
2. Apply the security patch from the GitHub commit.
3. Verify the fix by testing CRLF injection attempts.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement server-side filtering for CRLF characters in HTTP headers: validate every user-supplied value that ends up in a header and strip or reject \r and \n characters before the header is emitted.

Error Handling Configuration (applies to: all)

Configure the application to suppress detailed error messages in production: set display_errors = Off in the PHP configuration and configure custom error pages so that exceptions never render a stack trace to the client.
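
The following is an added example, not Microweber's code, showing the two validation strategies the workaround above describes (strip versus reject) and why they matter: a header value containing CR/LF turns one header line into two. The names (sanitize_header_value, validate_header_value, build_header_block, header_names) and the sample input are assumptions made for the example.

```python
import re

# Bare CR, LF and NUL are never valid inside an HTTP field value, so one
# character class covers the CRLF-injection case whichever of them is used.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def sanitize_header_value(value: str) -> str:
    """Lenient option: strip CR, LF and NUL from a user-supplied header value."""
    return _FORBIDDEN.sub("", value)


def validate_header_value(value: str) -> str:
    """Strict option: reject the value outright instead of silently repairing it."""
    if _FORBIDDEN.search(value):
        raise ValueError("CR, LF or NUL is not allowed in an HTTP header value")
    return value


def build_header_block(headers: dict, sanitize: bool = True) -> str:
    """Serialise headers as raw wire text. sanitize=False reproduces the unsafe
    pattern (user input concatenated straight into a header line)."""
    lines = []
    for name, value in headers.items():
        if sanitize:
            value = sanitize_header_value(value)
        lines.append(f"{name}: {value}")
    return "\r\n".join(lines) + "\r\n\r\n"


def header_names(block: str) -> list:
    """Header names a receiver would see in a raw block; an extra name means a
    second header line was smuggled in through a value."""
    return [line.split(":", 1)[0] for line in block.split("\r\n") if line]


# Constructed sample input (hypothetical): a redirect target carrying a CRLF sequence.
SAMPLE_INPUT = "/home\r\nX-Injected: 1"

if __name__ == "__main__":
    print(header_names(build_header_block({"Location": SAMPLE_INPUT}, sanitize=False)))  # ['Location', 'X-Injected']
    print(header_names(build_header_block({"Location": SAMPLE_INPUT})))                  # ['Location']
```

Prefer the strict variant at trust boundaries: silently stripping characters can change the meaning of a value (the sample redirect target becomes a different path), whereas rejecting it surfaces the bad input and, combined with display_errors = Off, does so without leaking a stack trace.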

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with CRLF injection detection rules
  • Restrict access to vulnerable endpoints using network segmentation or authentication

🔍 How to Verify

Check if Vulnerable:

Send HTTP requests with CRLF sequences (\r\n) in header values to the application and check whether stack traces appear in the responses.

Check Version:

Check the Microweber version in the admin panel or by running composer show microweber/microweber in the installation directory.

Verify Fix Applied:

Repeat the same CRLF injection tests after patching; a successful fix returns generic error messages without stack traces.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests containing CRLF sequences
  • Stack trace exposures in error logs
  • Multiple 500 error responses

Network Indicators:

  • HTTP requests with %0D%0A or \r\n sequences in headers
  • Responses containing PHP stack traces

SIEM Query:

source=web_logs (header="*\r\n*" OR header="*%0D%0A*") OR response="*stack trace*"
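
As an added example (not part of the original advisory, and not tied to any particular SIEM), the indicators listed above can be checked offline against web server logs: requests whose target carries a percent-encoded or logger-escaped CRLF, clients that trigger repeated 5xx responses, and PHP error-log lines that print a stack trace. The log format assumed is the common/combined access-log format; the sample lines, addresses and paths are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common/combined log format prefix: client, identity, user, timestamp,
# request line, status, size. Anything after the size is ignored.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_access_line(line: str):
    """Return a dict of fields, or None for lines that are not access-log entries."""
    m = ACCESS_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def has_crlf(target: str) -> bool:
    """True if the request target carries a CR or LF: percent-encoded in any
    case (%0D%0A, %0d%0a, a lone %0A) or written out by the logger as \\r\\n."""
    decoded = unquote(target)
    return "\r" in decoded or "\n" in decoded or "\\r\\n" in target


def scan_access_log(lines, threshold: int = 3):
    """Return (kind, client, detail) alerts: one per request carrying CRLF, plus
    one per client that produced at least `threshold` 5xx responses."""
    alerts = []
    errors = Counter()
    for line in lines:
        rec = parse_access_line(line)
        if rec is None:
            continue
        if has_crlf(rec["target"]):
            alerts.append(("crlf_in_request", rec["ip"], rec["target"]))
        if 500 <= rec["status"] <= 599:
            errors[rec["ip"]] += 1
    for ip, count in errors.items():
        if count >= threshold:
            alerts.append(("repeated_5xx", ip, count))
    return alerts


def scan_error_log(lines):
    """Lines showing PHP printing a stack trace (the 'Stack trace:' marker)."""
    return [line for line in lines if "Stack trace:" in line]


# Constructed sample log lines (addresses, paths and timestamps are made up).
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [01/Mar/2022:10:00:00 +0000] "GET /?redirect=%2Fhome%0D%0AX-Test%3A%201 HTTP/1.1" 500 512 "-" "curl/7.81"',
    '10.0.0.5 - - [01/Mar/2022:10:00:01 +0000] "GET /?redirect=%2Fhome%0d%0a HTTP/1.1" 500 512 "-" "curl/7.81"',
    '10.0.0.5 - - [01/Mar/2022:10:00:02 +0000] "GET /admin HTTP/1.1" 500 512 "-" "curl/7.81"',
    '192.0.2.8 - - [01/Mar/2022:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
SAMPLE_ERROR_LOG = [
    "[01-Mar-2022 10:00:00 UTC] PHP Warning:  Undefined variable $x in /var/www/app/page.php on line 10",
    "[01-Mar-2022 10:00:01 UTC] PHP Fatal error:  Uncaught Exception: constructed example in /var/www/app/page.php:42",
    "Stack trace:",
    "#0 {main}",
]

if __name__ == "__main__":
    for alert in scan_access_log(SAMPLE_ACCESS_LOG):
        print(alert)
    for line in scan_error_log(SAMPLE_ERROR_LOG):
        print(line)
```

Decoding the target before matching is what makes the check case-insensitive and catches a lone %0A; matching only the literal string %0D%0A, as the SIEM query above does, misses both. The 5xx threshold is a tuning knob: a burst of 500s from one client alongside a CRLF request is a stronger signal than either indicator alone.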
