CVE-2023-49052

HIGH

Microweber <2.0.4 - RCE

Title source: llm

Description

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.

Exploits (1)

nomisec WRITEUP

by Cyber-Wo0dy · poc

https://github.com/Cyber-Wo0dy/CVE-2023-49052

View Code ZIP pw:eip

References (2)

[Exploit, Patch, Third Party Advisory] https://github.com/Cyber-Wo0dy/CVE-2023-49052

[Exploit, Third Party Advisory] https://github.com/Cyber-Wo0dy/report/blob/main/microweber/v2.0.4/microweber_unrestricted_upload

Scores

CVSS v3 8.8

EPSS 0.2627

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (2)

microweber/microweber 2.0.4

microweber/microweber 0Packagist

Published Nov 30, 2023

Tracked Since Feb 18, 2026