PT-2022-13560 · Unknown · Microweber
Published
2022-03-15
·
Updated
2022-03-22
·
CVE-2022-0961
CVSS v3.1
7.1
High
| Vector | AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
microweber versions prior to 1.2.12
Description
The microweber application allows large characters to be inserted in the input field
post title, which can enable attackers to cause a Denial of Service (DoS) via a crafted HTTP request.Recommendations
For versions prior to 1.2.12, update to version 1.2.12 or later to resolve the issue.
As a temporary workaround, consider limiting the
post title input to 500 characters or a maximum of 1000 characters to minimize the risk of exploitation.Exploit
Fix
DoS
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Microweber