PT-2022-13344 · Unknown · Microweber

Published

2022-02-18

Updated

2022-02-26

CVE-2022-0666

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions microweber/microweber versions prior to 1.2.11

Description The issue is related to CRLF Injection, which leads to Stack Trace Exposure due to a lack of filtering. This occurs at the endpoint https://demo.microweber.org/.

Recommendations For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected endpoint until a patch is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-93

Related Identifiers

CVE-2022-0666

GHSA-3WWJ-WH2W-G4XP

Affected Products

Microweber

PT-2022-13344 · Unknown · Microweber

CVE-2022-0666

Weakness Enumeration

Related Identifiers

Affected Products

References · 8