CVE-2022-0895
published 2022-03-10CVE-2022-0895: Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
PriorityP348critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.69%
74.2th percentile
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.3 | 1.3 |
| microweber | microweber | >= 0 < 1.3 | 1.3 |
| microweber | microweber_microweber | >= unspecified < 1.3 | 1.3 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.07.7HIGHCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Static Code Injection in Microweber
ghsa·2022-03-11
CVE-2022-0895 [HIGH] CWE-94 Static Code Injection in Microweber
Static Code Injection in Microweber
Microweber is a new generation CMS with drag and drop. Prior to version 1.3, Microweber is vulnerable to static code injection.
OSV
Static Code Injection in Microweber
osv·2022-03-11
CVE-2022-0895 [HIGH] Static Code Injection in Microweber
Static Code Injection in Microweber
Microweber is a new generation CMS with drag and drop. Prior to version 1.3, Microweber is vulnerable to static code injection.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470https://huntr.dev/bounties/3c070828-fd00-476c-be33-9c877172363dhttps://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470https://huntr.dev/bounties/3c070828-fd00-476c-be33-9c877172363d
2022-03-10
Published