Filtered by vendor Microweber
Total: 109 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-23140 | 1 Microweber | 1 Microweber | 2024-11-21 | 8.1 High |
Microweber 1.1.18 is affected by insufficient session expiration. After a password change, sessions do not expire: both the session in which the user changes email and old sessions in any other browser or device remain active. | ||||
CVE-2020-23139 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.5 Medium |
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise. | ||||
CVE-2020-23138 | 1 Microweber | 1 Microweber | 2024-11-21 | 9.8 Critical |
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (e.g. .exe) to the web server by providing image data and the image/jpeg content type with a .php extension. | ||||
CVE-2020-23136 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.5 Medium |
Microweber v1.1.18 is affected by no session expiry after log-out. | ||||
CVE-2020-13405 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | ||||
CVE-2020-13241 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.8 High |
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. | ||||
CVE-2018-19917 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A |
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | ||||
CVE-2018-17104 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A |
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user. | ||||
CVE-2018-1000826 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A |
Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. |