CVE-2020-13241

Name of the Vulnerable Software and Affected Versions Microweber version 1.1.18

Description The issue allows Unrestricted File Upload because the "admin/view:modules/load module:users#edit-user=1" endpoint does not verify that the file extension corresponds to an image file when using the Add Image option on the Edit User screen.

Recommendations For Microweber version 1.1.18, as a temporary workaround, consider disabling the image upload functionality in the Edit User screen until a patch is available. Restrict access to the "admin/view:modules/load module:users#edit-user=1" endpoint to minimize the risk of exploitation. Avoid using the file upload option in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.