Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:LMicroweber
APPMicroweber2.0.0
Powiązane podatności
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attac...
Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via ...
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious s...