An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
References
Link | Resource |
---|---|
https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e | Patch Vendor Advisory |
https://github.com/microweber/microweber/issues/483 | Exploit Issue Tracking Third Party Advisory |
https://github.com/microweber/microweber/issues/484 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-09-16 21:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-17104
Mitre link : CVE-2018-17104
CVE.ORG link : CVE-2018-17104
JSON object : View
Products Affected
microweber
- microweber
CWE
CWE-352
Cross-Site Request Forgery (CSRF)