An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.
References
Link | Resource |
---|---|
https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e | Patch Vendor Advisory |
https://github.com/microweber/microweber/issues/483 | Exploit Issue Tracking Third Party Advisory |
https://github.com/microweber/microweber/issues/484 | Exploit Issue Tracking Third Party Advisory |
https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e | Patch Vendor Advisory |
https://github.com/microweber/microweber/issues/483 | Exploit Issue Tracking Third Party Advisory |
https://github.com/microweber/microweber/issues/484 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 03:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e - Patch, Vendor Advisory | |
References | () https://github.com/microweber/microweber/issues/483 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://github.com/microweber/microweber/issues/484 - Exploit, Issue Tracking, Third Party Advisory |
Information
Published : 2018-09-16 21:29
Updated : 2024-11-21 03:53
NVD link : CVE-2018-17104
Mitre link : CVE-2018-17104
CVE.ORG link : CVE-2018-17104
JSON object : View
Products Affected
microweber
- microweber
CWE
CWE-352
Cross-Site Request Forgery (CSRF)