An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicroweber
APPMicroweber1.1.18
Related vulnerabilities
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or...
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via ...
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious s...