Microweber: Security Vulnerabilities
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-09-16
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
CVSS Score
7.5
EPSS Score
0.01
Published
2015-01-03
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
CVSS Score
6.4
EPSS Score
0.022
Published
2014-05-12
Page 12