CVE-2022-0666 – CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0666
CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. • https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128 • https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2022-0660 – Generation of Error Message Containing Sensitive Information in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0660
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. • https://github.com/microweber/microweber/commit/2417bd2eda2aa2868c1dad1abf62341f22bfc20a • https://huntr.dev/bounties/01fd2e0d-b8cf-487f-a16c-7b088ef3a291 • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2022-0638 – Cross-Site Request Forgery (CSRF) in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0638
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. • https://github.com/microweber/microweber/commit/756096da1260f29ff6f4532234d93d8e41dd5aa8 • https://huntr.dev/bounties/9d3d883c-d74c-4fe2-9978-a8e3d1ccf9f3 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-0597 – Open Redirect in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0597
Open Redirect in Packagist microweber/microweber prior to 1.2.11. • https://github.com/microweber/microweber/commit/acfc6a581d1ea86096d1b0ecd8a0eec927c0e9b2 • https://huntr.dev/bounties/68c22eab-cc69-4e9f-bcb6-2df3db626813 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-0596 – Improper Validation of Specified Quantity in Input in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0596
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11. Business Logic Errors in Packagist microweber/microweber versions prior to 1.2.11. • https://github.com/microweber/microweber/commit/91a9d899741557c75050614ff7adb8c0e3feb005 • https://huntr.dev/bounties/f68b994e-2b8b-49f5-af2a-8cd99e8048a5 • CWE-1284: Improper Validation of Specified Quantity in Input