CVE-2022-0596
Published 2022-02-15
CVE-2022-0596: Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.
Priority: P4 · 20 · medium · 4.3 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.61% (44.7th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.2.11 | 1.2.11 |
| microweber | microweber | >= 0 < 1.2.11 | 1.2.11 |
| microweber | microweber_microweber | >= unspecified < 1.2.11 | 1.2.11 |
CVSS provenance
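| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |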
OSV
Microweber vulnerable to Improper Validation of Specified Quantity in Input
osv·2022-02-16
CVE-2022-0596 [MEDIUM] Microweber vulnerable to Improper Validation of Specified Quantity in Input
Microweber prior to version 1.2.11 can have a negative product amount. This could allow an attacker to manipulate the total value and get products for free.
GHSA
Microweber vulnerable to Improper Validation of Specified Quantity in Input
ghsa·2022-02-16
CVE-2022-0596 [MEDIUM] CWE-1284 Microweber vulnerable to Improper Validation of Specified Quantity in Input
Microweber prior to version 1.2.11 can have a negative product amount. This could allow an attacker to manipulate the total value and get products for free.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/microweber/microweber/commit/91a9d899741557c75050614ff7adb8c0e3feb005
https://huntr.dev/bounties/f68b994e-2b8b-49f5-af2a-8cd99e8048a5
2022-02-15
Published