PT-2022-13567 · Unknown · Microweber

Published

2022-03-15

Updated

2022-03-22

CVE-2022-0968

CVSS v3.1

7.2

High

Vector

AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions microweber versions prior to 1.2.12

Description The microweber application has an issue where large characters can be inserted into the input field first & last name, potentially allowing attackers to cause a Denial of Service (DoS) via a crafted HTTP request. It is suggested that the input field should be limited to 50 characters or a maximum of 100 characters to prevent this issue.

Recommendations For versions prior to 1.2.12, update to version 1.2.12 or later to resolve the issue. As a temporary workaround, consider limiting the input field first & last name to 50 characters or a maximum of 100 characters to minimize the risk of exploitation.

Exploit

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2022-0968

GHSA-5FXV-XX5P-G2FV

Affected Products

Microweber

PT-2022-13567 · Unknown · Microweber

CVE-2022-0968

Weakness Enumeration

Related Identifiers

Affected Products

References · 7