CVE-2022-0666

HIGH NUCLEI

microweber/microweber <1.2.11 - Stack Trace Exposure

Title source: llm

Description

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.

Exploits (1)

nomisec

by keyboardancer · poc

https://github.com/keyboardancer/CVE-2022-0666

View on nomisec

Nuclei Templates (1)

Microweber < 1.2.11 - CRLF Injection

HIGHVERIFIEDby ritikchaddha

Shodan: http.favicon.hash:780351152 || http.html:"microweber"

FOFA: icon_hash=780351152 || body="microweber"

References (2)

[Patch, Third Party Advisory] https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128

[Exploit, Patch, Third Party Advisory] https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55

Scores

CVSS v3 7.5

EPSS 0.2890

EPSS Percentile 96.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-93

Status published

Affected Products (2)

microweber/microweber < 1.2.11

microweber/microweber < 1.2.11Packagist

Timeline

Published Feb 18, 2022

Tracked Since Feb 18, 2026