CVE-2022-0895 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@huntrdev	CNA	7.7 HIGH	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 77%

Vendor	Product	Version
microweber	microweber	𝑥 < 1.3

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.

References

https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470

https://huntr.dev/bounties/3c070828-fd00-476c-be33-9c877172363d

https://github.com/microweber/microweber/commit/b2baab6e582b2efe63788d367a2bb61a2fa26470

https://huntr.dev/bounties/3c070828-fd00-476c-be33-9c877172363d