Command Injection in microweber/microweber
CVE-2023-1877

9.8CRITICAL

Key Information:

Vendor: Microweber
Status: Microweber/microweber
Vendor: CVE Published:; 5 April 2023

Summary

A command injection vulnerability was found in Microweber, affecting versions prior to 1.3.3. This security flaw allows attackers to execute arbitrary commands through the application's input, potentially compromising the server and sensitive data. Users of Microweber are recommended to upgrade to the latest version to mitigate this risk while employing best practices for web security.

Affected Version(s)

microweber/microweber < 1.3.3

References

https://huntr.dev/bounties/71fe4b3b-20ac-448c-8191-7b99d7...

https://github.com/microweber/microweber/commit/93a906d0b...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2023
Vulnerability Reserved
Apr 5, 2023