Vulnerabilities (CVE)

Filtered by vendor Microweber
Total 88 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2020-23139 | 1 Microweber | 1 Microweber | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.
CVE-2020-13405 | 1 Microweber | 1 Microweber | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.
CVE-2020-13241 | 1 Microweber | 1 Microweber | 2024-02-04 | 7.2 HIGH | 7.8 HIGH
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.
CVE-2018-19917 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
CVE-2018-17104 | 1 Microweber | 1 Microweber | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
CVE-2018-1000826 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code.
CVE-2013-5984 | 1 Microweber | 1 Microweber | 2024-02-04 | 6.4 MEDIUM | N/A
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-9464 | 1 Microweber | 1 Microweber | 2024-02-04 | 7.5 HIGH | N/A
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.