CVE-2022-0968
Published 2022-03-15
Priority P4 · 28 · medium · 5.5 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 3.73% (88.5th percentile)
The microweber application allows a large number of characters to be inserted in the "first & last name" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. This affects the GitHub repository microweber/microweber prior to 1.2.12.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.2.12 | 1.2.12 |
| microweber | microweber | 0 – 1.2.11 | — |
| microweber | microweber_microweber | >= unspecified < 1.2.12 | 1.2.12 |
CVSS provenance
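| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| cisa | | 7.5 | HIGH | |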
GHSA
Integer Overflow in microweber
ghsa·2022-03-16
CVE-2022-0968 [HIGH] CWE-190 Integer Overflow in microweber
Microweber is a new generation CMS with drag and drop. The microweber application allows a large number of characters to be inserted in the "first & last name" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The first name & last name input should be limited to 50 characters, or at most 100 characters.
OSV
Integer Overflow in microweber
osv·2022-03-16
CVE-2022-0968 [HIGH] Integer Overflow in microweber
Microweber is a new generation CMS with drag and drop. The microweber application allows a large number of characters to be inserted in the "first & last name" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The first name & last name input should be limited to 50 characters, or at most 100 characters.
CISA
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
cisa·2021-11-03·CVSS 7.5
CVE-2020-0968 [HIGH] CWE-787 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-0968
Remediation Due Date: 2022-05-03
No detection rules found.
Nuclei
Microweber <1.2.12 - Integer Overflow
nuclei·CVSS 5.5
CVE-2022-0968 [MEDIUM] Microweber <1.2.12 - Integer Overflow
Microweber '
```yaml
    internal: true
    part: body
  - type: regex
    name: user
    group: 1
    regex:
      - ''
    internal: true
    part: body
  - type: regex
    name: email
    group: 1
    regex:
      - ''
    internal: true
    part: body
# digest: 4a0a00473045022100fbd31ade1fe89c84a40f52f30562890b69d168af15c70dc6457e8461abadb8c10220499ee75a5b275a1448f0f10a8e6b4034e5d4615d714dae6d9edef5fce2f6e0c3:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
https://github.com/microweber/microweber/commit/80e39084729a57dfe749626c3b9d35247a14c49e
https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e
Published: 2022-03-15