CVE-2022-4732 : Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

Published 2022-12-27 15:15:13

Updated 2023-01-05 17:17:39

Source huntr.dev

View at NVD, CVE.org

Products affected by CVE-2022-4732

Microweber » Microweber
Versions up to, including, (<=) 1.3.1
cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.80%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 72 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.7	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L	1.2	3.4	huntr.dev
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: security@huntr.dev (Primary)

https://huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa

File Upload Filter Bypass vulnerability found in microweber
Exploit;Patch;Third Party Advisory
https://github.com/microweber/microweber/commit/0d279ac81052ce7ee97c18c811a9b8e912189da0

update · microweber/microweber@0d279ac · GitHub
Third Party Advisory

Jump to