CRITICAL🇵🇱 Wersja polska

CVE-2020-23138

CVSS 9.8v3.1pub. 2020-11-09upd. 2024-11-21

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microweber

    APP
    Microweber
    1.1.18
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-1877CRITICAL9.8ten sam produkt

Command Injection in GitHub repository microweber/microweber prior to 1.3.3.

CVE-2022-0895CRITICAL9.8ten sam produkt

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

CVE-2025-60954HIGH8.3ten sam produkt

Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or...

CVE-2025-51504HIGH7.6ten sam produkt

Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via ...

CVE-2025-51503HIGH7.6ten sam produkt

A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious s...