CVE-2022-0895

9.8 CRITICAL

📋 TL;DR

CVE-2022-0895 is a static code injection vulnerability in Microweber CMS prior to version 1.3, allowing attackers to inject malicious code into static files, potentially leading to remote code execution. It affects users running vulnerable versions of Microweber, particularly those with internet-facing installations. This can compromise website integrity and data security.

💻 Affected Systems

Products:
  • Microweber CMS
Versions: All versions prior to 1.3
Operating Systems: All operating systems running Microweber
Default Config Vulnerable: ⚠️ Yes
Notes: No specific configuration required; default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via remote code execution, enabling data theft, defacement, or malware deployment.

🟠

Likely Case

Unauthorized code injection leading to website defacement, data manipulation, or backdoor installation.

🟢

If Mitigated

Limited impact if patched promptly, with only minor disruptions or no exploitation due to security controls.

🌐 Internet-Facing: HIGH, as the vulnerability can be exploited remotely without authentication, making internet-facing systems prime targets.
🏢 Internal Only: MEDIUM, as internal systems are less exposed but still vulnerable if accessed by malicious insiders or via lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available, making it easy for attackers to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3 and later

Vendor Advisory: https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470

Restart Required: No

Instructions:

1. Update Microweber to version 1.3 or later via the admin panel or manual download.
2. Apply the patch from the GitHub commit.
3. Verify the update by checking the version in the admin interface.

🔧 Temporary Workarounds

Restrict File Uploads

all

Temporarily disable or restrict file upload functionality to prevent code injection.

Modify Microweber configuration to disable uploads or set strict file type validation.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block suspicious file uploads and injection attempts.
  • Isolate the Microweber instance from critical networks and monitor for unusual activity.

🔍 How to Verify

Check if Vulnerable:

Check the Microweber version in the admin panel or via the system info page; if below 1.3, it is vulnerable.

Check Version:

In Microweber admin, navigate to Settings > System Info or run a database query for version info.

Verify Fix Applied:

Confirm the version is 1.3 or higher and review the applied patch from the GitHub commit.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads or modifications in static directories, unexpected PHP or script executions.

Network Indicators:

  • HTTP requests with malicious payloads targeting file upload endpoints.

SIEM Query:

Example: 'source="microweber_logs" AND (event="file_upload" OR event="code_injection")'
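
A periodic sweep for the log indicators listed above, as an added example that is not part of the original page or Microweber's own code: it walks a web-served static directory and flags executable extensions and PHP open tags inside static files. The extension lists and the sample tree are assumptions constructed for illustration; the page does not name the affected paths.

```python
import os
import tempfile

# Assumption: extensions the web server hands to PHP; match your handler config.
EXEC_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7"}
# Static types that should never carry server-side code.
STATIC_EXTS = {".js", ".css", ".html", ".htm", ".txt", ".json", ".svg", ".xml"}
PHP_TAGS = (b"<?php", b"<?=")


def scan_static_tree(root, since_epoch=0.0, max_bytes=1_000_000):
    """Return sorted (relative_path, reason) findings for files under root
    modified at or after since_epoch."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            try:
                if os.stat(path).st_mtime < since_epoch:
                    continue
                if ext in EXEC_EXTS:
                    findings.append((rel, "executable extension in static tree"))
                elif ext in STATIC_EXTS:
                    with open(path, "rb") as fh:
                        head = fh.read(max_bytes).lower()
                    if any(tag in head for tag in PHP_TAGS):
                        findings.append((rel, "PHP open tag in static file"))
            except OSError:
                continue  # unreadable or removed mid-scan; skip it
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree; these are not real Microweber paths.
    with tempfile.TemporaryDirectory() as root:
        samples = {"site.css": b"body { color: red }",
                   "theme.css": b"/* cache */ <?php echo 1; ?>",
                   "feed.xml": b"<?xml version='1.0'?><rss/>",
                   "upload.phtml": b""}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for rel, reason in scan_static_tree(root):
            print(f"{rel}: {reason}")
```

Pass `since_epoch` as the timestamp of the last known-good deployment to limit the sweep to files changed afterwards.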
