Peter Ivanov

43 exploits, active since May 2014
CVE-2014-9464 WRITEUP
Microweber CMS <20141209 - SQL Injection
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
CVE-2020-13405 WRITEUP HIGH
Microweber <1.1.20 - Info Disclosure
userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.
CVSS 7.5
CVE-2013-5984 WRITEUP
Microweber < 0.830 - Unauthenticated Arbitrary File Deletion via Backup Module File Parameter
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
CVE-2018-17104 WRITEUP HIGH
Microweber 1.0.7 - Cross-Site Request Forgery via Admin User Creation
An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
CVSS 8.8
CVE-2021-32856 WRITEUP MEDIUM
Microweber < 1.2.12 - Copy-Paste Cross-Site Scripting in Text Editor
Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted in versions 1.2.9 and 1.2.12, but it is incomplete.
CVSS 6.1
CVE-2022-0597 WRITEUP MEDIUM
Packagist microweber/microweber <1.2.11 - Open Redirect
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVSS 6.1
CVE-2022-0688 WRITEUP MEDIUM
Packagist microweber/microweber <1.2.11 - Info Disclosure
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
CVSS 4.9
CVE-2022-0689 WRITEUP MEDIUM
Packagist microweber/microweber <1.2.11 - Info Disclosure
A one-time coupon can be used multiple times in Packagist microweber/microweber prior to 1.2.11.
CVSS 5.3
CVE-2022-0690 WRITEUP MEDIUM
Packagist microweber/microweber <1.2.11 - XSS
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVSS 6.1
CVE-2022-0723 WRITEUP MEDIUM
microweber/microweber <1.2.11 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11.
CVSS 5.4
CVE-2022-0855 WRITEUP MEDIUM
microweber-dev/whmcs_plugin <0.0.4 - Path Traversal
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.
CVSS 6.1
CVE-2022-0906 WRITEUP MEDIUM
microweber < 1.1.12 - Stored Cross-Site Scripting via Unrestricted File Upload
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
CVSS 4.8
CVE-2022-2174 WRITEUP MEDIUM
microweber/microweber <1.2.18 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
CVSS 6.1
CVE-2022-2252 WRITEUP MEDIUM
microweber < 1.2.19 - Open Redirect
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
CVSS 6.1
CVE-2022-2280 WRITEUP MEDIUM
microweber < 1.2.19 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
CVSS 5.4
CVE-2022-2300 WRITEUP MEDIUM
microweber/microweber <1.2.19 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
CVSS 5.4
CVE-2022-2353 WRITEUP MEDIUM
microweber < 1.2.20 - Cross-Site Request Forgery via Token Theft
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.
CVSS 6.1
CVE-2022-2368 WRITEUP MEDIUM
microweber < 1.2.20 - Authentication Bypass by Spoofing
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.
CVSS 6.5
CVE-2022-2470 WRITEUP MEDIUM
microweber < 1.2.21 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.
CVSS 6.1
CVE-2022-2495 WRITEUP MEDIUM
microweber < 1.2.21 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
CVSS 4.8
CVE-2022-2777 WRITEUP MEDIUM
microweber < 1.3.1 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.
CVSS 5.4
CVE-2022-3242 WRITEUP MEDIUM
microweber/microweber <1.3.2 - Code Injection
Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 6.1
CVE-2022-3245 WRITEUP MEDIUM
microweber < 1.3.2 - HTML Injection
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.
CVSS 6.1
CVE-2022-4617 WRITEUP MEDIUM
microweber < 1.3.2 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 6.1
CVE-2022-4647 WRITEUP MEDIUM
microweber < 1.3.2 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.2.
CVSS 6.1