Description
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
Exploits (1)
References (2)
Core References
Patch (x_refsource_confirm): https://github.com/microweber/microweber/commit/4ee09f9dda35cd1b15daa351f335c2a4a0538d29
Exploit (x_refsource_misc): https://www.youtube.com/watch?v=SSE8Xj_-QaQ
Scores
EPSS: 0.0213
EPSS Percentile: 84.2%
Details
CWE: CWE-89
Status: published
Products (1): microweber/microweber < 0.95
Published: Jan 03, 2015
Tracked Since: Feb 18, 2026