Filtered by vendor Microweber
Subscribe
Total
88 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-23139 | 1 Microweber | 1 Microweber | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise. | |||||
CVE-2020-13405 | 1 Microweber | 1 Microweber | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | |||||
CVE-2020-13241 | 1 Microweber | 1 Microweber | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | |||||
CVE-2018-19917 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | |||||
CVE-2018-17104 | 1 Microweber | 1 Microweber | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. | |||||
CVE-2018-1000826 | 1 Microweber | 1 Microweber | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. | |||||
CVE-2013-5984 | 1 Microweber | 1 Microweber | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2014-9464 | 1 Microweber | 1 Microweber | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. |