📦 Microweber

by Microweber

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-1877

CRITICAL CVSS 9.8 Apr 5, 2023

This CVE describes a command injection vulnerability in Microweber CMS versions prior to 1.3.3. Attackers can execute arbitrary operating system commands on the server by injecting malicious input int...

CVE-2022-0895

CRITICAL CVSS 9.8 Mar 10, 2022

CVE-2022-0895 is a static code injection vulnerability in Microweber CMS prior to version 1.3, allowing attackers to inject malicious code into static files, potentially leading to remote code executi...

CVE-2020-23138

CRITICAL CVSS 9.8 Nov 9, 2020

This vulnerability allows attackers to upload malicious PHP files disguised as JPEG images to Microweber's admin panel. Attackers can execute arbitrary code on the web server, potentially compromising...

CVE-2025-60954

HIGH CVSS 8.3 Oct 24, 2025

Microweber CMS 2.0 has weak password requirements that allow users to set extremely simple passwords during password resets, including single-character passwords. This vulnerability affects all Microw...

CVE-2025-51504

HIGH CVSS 7.6 Aug 1, 2025

Microweber CMS 2.0 contains a stored cross-site scripting (XSS) vulnerability in the profile page's last name field. This allows attackers to inject malicious scripts that execute when other users vie...

CVE-2025-34076

HIGH CVSS 7.2 Jul 2, 2025

An authenticated local file inclusion vulnerability in Microweber CMS allows authenticated users to read arbitrary files from the filesystem. Attackers can abuse backup management API endpoints to dis...

CVE-2023-49052

HIGH CVSS 8.8 Nov 30, 2023

This vulnerability allows remote attackers to upload malicious files through Microweber's forms component, leading to arbitrary code execution. It affects Microweber CMS installations running version ...

CVE-2023-5318

HIGH CVSS 7.5 Sep 30, 2023

CVE-2023-5318 involves hard-coded credentials in Microweber CMS versions before 2.0, allowing attackers to gain unauthorized access to affected systems. This affects all users running vulnerable Micro...

CVE-2023-2240

HIGH CVSS 8.8 Apr 22, 2023

This improper privilege management vulnerability in Microweber CMS enables attackers to escalate privileges or perform unauthorized actions. It affects all Microweber installations prior to v...

CVE-2021-36461

HIGH CVSS 8.8 Jul 15, 2022

Microweber 1.1.3 has an arbitrary file upload vulnerability that allows attackers to upload malicious files disguised as pictures, potentially leading to remote code execution. This affects all Microw...

CVE-2022-0913

HIGH CVSS 7.5 Mar 11, 2022

This integer overflow vulnerability in Microweber CMS allows attackers to cause denial of service or potentially execute arbitrary code by triggering memory corruption. It affects all Microweber insta...

CVE-2022-0777

HIGH CVSS 7.5 Mar 1, 2022

This vulnerability allows attackers to bypass password recovery mechanisms in Microweber CMS, potentially gaining unauthorized access to user accounts. It affects all Microweber installations prior to...

CVE-2022-0666

HIGH CVSS 7.5 Feb 18, 2022

This CVE describes a CRLF injection vulnerability in Microweber CMS that allows attackers to inject carriage return and line feed characters into HTTP headers. This can lead to stack trace exposure, p...

CVE-2022-0281

HIGH CVSS 7.5 Jan 20, 2022

CVE-2022-0281 is an information disclosure vulnerability in Microweber CMS that exposes sensitive information to unauthorized actors. This affects all Microweber installations prior to version 1.2.11,...

CVE-2024-58289

MEDIUM CVSS 5.4 Dec 11, 2025

Microweber 2.0.15 contains a stored cross-site scripting vulnerability in user profile fields that allows authenticated attackers to inject malicious JavaScript. When other users view the attacker's p...

CVE-2025-51501

MEDIUM CVSS 6.1 Aug 1, 2025

This reflected XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious JavaScript via the id parameter in the live_edit.module_settings API endpoint. When exploited, this can lead...

CVE-2025-51502

MEDIUM CVSS 6.1 Aug 1, 2025

This vulnerability allows attackers to inject malicious JavaScript via the layout parameter on the admin page creation interface in Microweber CMS. When exploited, it enables arbitrary code execution ...

CVE-2024-33298

MEDIUM CVSS 6.1 Jan 10, 2025

Microweber v2.0.9 contains a cross-site scripting (XSS) vulnerability in the backup creation function that allows remote attackers to inject malicious scripts. This affects administrators who access t...

CVE-2024-40101

MEDIUM CVSS 6.1 Aug 6, 2024

This vulnerability allows unauthenticated remote attackers to inject malicious scripts into the '/search' page of Microweber CMS via the 'keywords' parameter. When a user visits a crafted search URL, ...

CVE-2024-41381

MEDIUM CVSS 6.1 Aug 5, 2024

Microweber 2.0.16 contains a stored cross-site scripting (XSS) vulnerability in the admin.php settings module that allows attackers to inject malicious scripts. This affects administrators who access ...

CVE-2022-0282

MEDIUM CVSS 4.3 Jan 20, 2022

This CVE describes a cross-site scripting (XSS) vulnerability in Microweber CMS versions prior to 1.2.11. Attackers can inject malicious scripts into web pages viewed by other users, potentially steal...