PT-2020-15545 · Microweber · Microweber

Virendratiwari03 · Published 2020-11-09 · Updated 2020-11-20 · CVE-2020-23138

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microweber version 1.1.18

Description

An unrestricted file upload vulnerability was discovered in the Microweber admin account page. An attacker can upload PHP code, or a file with any extension (e.g., .exe), to the web server by providing image data and the image/jpeg content type with a .php extension.

Recommendations

For Microweber version 1.1.18, consider restricting file uploads to allowed extensions only and validating the content type of uploaded files to prevent exploitation. As a temporary workaround, restrict access to the admin account page until a patch is available.
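
The two checks recommended above, sketched as an added example (this is not Microweber's code; `safe_upload_name` and `ALLOWED_IMAGE_TYPES` are hypothetical names). The constructed sample has a JPEG header followed by other bytes, so a content-type check alone accepts it and the decision rests on the extension allowlist:

```php
<?php
// Added example: hypothetical helper, not taken from Microweber.
const ALLOWED_IMAGE_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Returns a server-generated file name for an accepted upload,
 * or null when the upload must be rejected.
 */
function safe_upload_name(string $tmpPath, string $clientName): ?string
{
    // 1. Allowlist the final extension of the client-supplied name.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGE_TYPES)) {
        return null;
    }

    // 2. Derive the content type from the bytes on disk. The Content-Type
    //    header (what PHP exposes as $_FILES[...]['type']) is client-controlled.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected !== ALLOWED_IMAGE_TYPES[$ext]) {
        return null;
    }

    // 3. Never reuse the client name: random base name, allowlisted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample: JPEG magic bytes followed by non-image trailing bytes.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents(
    $tmp,
    "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    . '<?php // constructed trailing bytes'
);

$names = ['avatar.php', 'avatar.exe', 'avatar.jpg.php', 'avatar.png', 'avatar.jpg'];
foreach ($names as $name) {
    $stored = safe_upload_name($tmp, $name);
    printf("%-16s => %s\n", $name, $stored ?? 'rejected');
}
unlink($tmp);
```

Only `avatar.jpg` is accepted, and it is stored under a random `.jpg` name. The trailing bytes are still in that file, so the upload directory should also be one where the web server does not execute scripts.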

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2020-23138

Affected Products

Microweber