Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Product: Microweber
Product Version: 1.1.18
Vulnerability: Unrestricted File upload
Description:
An Unrestricted File Upload Vulnerability in the Microweber version 1.1.18 allows remote attackers to upload any extensions like php, exe in the profile upload section.
Attack Type: Local
Impact:
An attacker with the ability to upload a malicious file to the application can set up drive-by-download attacks, deface the website, or gain access to the file system through a web shell.
Reference:
https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
https://null-byte.wonderhowto.com/how-to/upload-shell-web-server-and-get-root-rfi-part-1-0162818/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.