Vulnerability Details CVE-2018-17104
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e
- https://github.com/microweber/microweber/issues/483
- https://github.com/microweber/microweber/issues/484
- https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e
- https://github.com/microweber/microweber/issues/483
- https://github.com/microweber/microweber/issues/484
Products affected by CVE-2018-17104
-
cpe:2.3:a:microweber:microweber:1.0.7