CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 3CVE-2022-0557 – OS Command Injection in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0557
OS Command Injection in Packagist microweber/microweber prior to 1.2.11. Una Inyección de Comandos del Sistema Operativo en Packagist microweber/microweber versiones anteriores a 1.2.11 Microweber version 1.2.11 suffers from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/50768 http://packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html https://github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632 https://huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0558 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0558
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/14a1bb971bcb8b5456c2bf0020c3018907a2704d https://huntr.dev/bounties/8fffc95f-14ae-457b-aecc-be4716a8b91c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0504 – Generation of Error Message Containing Sensitive Information in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0504
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. Una Generación de Mensajes de Error que Contienen Información Confidencial en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/e607e5f745cd99d5c06a7fce16b3577fab8e1250 https://huntr.dev/bounties/285ff8a0-a273-4d62-ba01-3e4b4e18467b • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0505 – Cross-Site Request Forgery (CSRF) in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0505
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/63447b369973724f0d352a006f25af6ff71ae292 https://huntr.dev/bounties/65b5a243-3f0c-4df3-9bab-898332180968 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0506 – Cross-site Scripting (XSS) - Stored in microweber/microweber
https://notcve.org/view.php?id=CVE-2022-0506
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en Packagist microweber/microweber versiones anteriores a 1.2.11 • https://github.com/microweber/microweber/commit/05d55f2befb1b25375ca5371875ff535d6cc5f70 https://huntr.dev/bounties/0a5ec24c-343e-4cc4-b27b-2beb19a1c35f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •