CVE-2022-0762
Published 2022-02-26
CVE-2022-0762: Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.
Priority: P4 | 19 | medium | 4.3 | CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.63% (45.7th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.3 | 1.3 |
| microweber | microweber | >= 0 < 1.3.0 | 1.3.0 |
| microweber | microweber_microweber | >= unspecified < 1.3 | 1.3 |
CVSS provenance
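| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |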
GHSA
Exposure of Resource to Wrong Sphere in microweber
ghsa·2022-02-27
CVE-2022-0762 [MEDIUM] CWE-668 Exposure of Resource to Wrong Sphere in microweber
Exposure of Resource to Wrong Sphere in microweber prior to 1.3 allows users to add deleted products to a cart and buy them.
OSV
Exposure of Resource to Wrong Sphere in microweber
osv·2022-02-27
CVE-2022-0762 [MEDIUM] Exposure of Resource to Wrong Sphere in microweber
Exposure of Resource to Wrong Sphere in microweber prior to 1.3 allows users to add deleted products to a cart and buy them.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/microweber/microweber/commit/76361264d9fdfff38a1af79c63141455cc4d36e3
https://huntr.dev/bounties/125b5244-5099-485e-bf75-e5f1ed80dd48
Published: 2022-02-26