100 Total Results
Displaying 91-100 of 100
Attacker Value
Unknown
CVE-2020-23139
Disclosure Date: November 09, 2020 (last updated February 22, 2025)
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.
Attacker Value
Unknown
CVE-2020-23138
Disclosure Date: November 09, 2020 (last updated February 22, 2025)
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or a file with any extension (e.g., .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
Attacker Value
Unknown
CVE-2020-23140
Disclosure Date: November 09, 2020 (last updated February 22, 2025)
Microweber 1.1.18 is affected by insufficient session expiration. When a password is changed, both the sessions for when a user changes email and old sessions in any other browser or device do not expire and remain active.
Attacker Value
Unknown
CVE-2020-13405
Disclosure Date: July 16, 2020 (last updated February 21, 2025)
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.
Attacker Value
Unknown
CVE-2020-13241
Disclosure Date: May 20, 2020 (last updated February 21, 2025)
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.
Attacker Value
Unknown
CVE-2018-19917
Disclosure Date: March 21, 2019 (last updated November 27, 2024)
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
Attacker Value
Unknown
CVE-2018-1000826
Disclosure Date: December 20, 2018 (last updated November 27, 2024)
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in the Admin login form template that can result in execution of JavaScript code.
Attacker Value
Unknown
CVE-2018-17104
Disclosure Date: September 16, 2018 (last updated November 27, 2024)
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
Attacker Value
Unknown
CVE-2014-9464
Disclosure Date: January 03, 2015 (last updated October 05, 2023)
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
Attacker Value
Unknown
CVE-2013-5984
Disclosure Date: May 12, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.