CVE-2022-0961: The Microweber application accepts very large input in the "post title" field, which allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request

The Microweber application accepts very large input in the "post title" field, which allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Affects the GitHub repository microweber/microweber prior to version 1.2.12.


Proof of Concept

  1. Go to the add-post page: http://site.com/admin/post/create
  2. Click "create new post".
  3. There is an input field called "post title".
  4. Fill the input field with a very large string (more than 1 lakh, i.e. 100,000, characters).
  5. Copy the payload below, put it in the input field and click "continue".
  6. The application accepts the oversized input; increasing the size further can lead to a DoS.

Download the payload from here:

https://drive.google.com/file/d/1-e-lPMJxO7zBhcZOGKipnqOj3C4ygDGA/view?usp=drivesdk

Video & Image POC:

https://drive.google.com/drive/folders/1-L7kp5bmCuxBIEIxaUPu_lmKSOPpSdMU

Patch recommendation:

  1. The post title input should be limited to 500 characters, or at most 1000 characters.
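The following is an added example, not code from the advisory or from the Microweber project. It shows both halves of the issue above in one place: how the crafted request from the proof of concept is built (an oversized "post title" in an ordinary form POST), and the server-side length check the patch recommendation asks for. The endpoint comes from the advisory; the form field name, the byte caps and the handler itself are assumptions made for illustration, and the request is built but never sent, so the block runs offline.

```python
"""Added example: oversized 'post title' request and the length check that stops it.

Not Microweber's code. TITLE_FIELD, MAX_TITLE_BYTES, MAX_BODY_BYTES and the
handler below are assumptions for illustration only.
"""
from typing import Optional, Tuple
from urllib.parse import urlencode
from urllib.request import Request

TARGET = "http://site.com/admin/post/create"  # endpoint named in the advisory
TITLE_FIELD = "title"                          # assumption: form field name
ONE_LAKH = 100_000                             # "1 lakh" = 100,000 characters


# ---- Attack side: the crafted request the PoC describes -------------------

def build_oversized_title(n_chars: int = ONE_LAKH, filler: str = "A") -> str:
    """Constructed payload: n_chars copies of a filler character."""
    return filler * n_chars


def build_request(title: str, target: str = TARGET) -> Request:
    """Build (but do not send) the POST that carries the oversized title."""
    body = urlencode({TITLE_FIELD: title}).encode("utf-8")
    return Request(
        target,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


# ---- Fix side: the limit the advisory recommends -------------------------

MAX_TITLE_CHARS = 1000     # advisory: 500, or at most 1000, characters
MAX_TITLE_BYTES = 2000     # assumption: also cap the UTF-8 encoded size
MAX_BODY_BYTES = 64 * 1024  # assumption: reject huge bodies before parsing


class TitleTooLong(ValueError):
    """Raised when a title exceeds the character or byte limit."""


def validate_title(title: str,
                   max_chars: int = MAX_TITLE_CHARS,
                   max_bytes: int = MAX_TITLE_BYTES) -> str:
    """Reject oversized titles before anything is stored or rendered.

    Both code points and encoded bytes are checked: 1000 four-byte
    characters pass a character-only limit but still cost 4000 bytes.
    """
    if not isinstance(title, str):
        raise TypeError("title must be a string")
    if len(title) > max_chars:
        raise TitleTooLong(f"title has {len(title)} characters, limit {max_chars}")
    encoded_len = len(title.encode("utf-8"))
    if encoded_len > max_bytes:
        raise TitleTooLong(f"title is {encoded_len} bytes, limit {max_bytes}")
    return title.strip()


def handle_post_create(form: dict,
                       content_length: Optional[int] = None) -> Tuple[int, str]:
    """Simulated handler (assumption, not Microweber's): returns (status, message).

    The Content-Length check runs first so an oversized body is dropped
    before the form is parsed at all; the field check runs second.
    """
    if content_length is not None and content_length > MAX_BODY_BYTES:
        return 413, "request body too large"
    try:
        validate_title(form.get(TITLE_FIELD, ""))
    except TitleTooLong as exc:
        return 422, str(exc)
    return 200, "ok"


if __name__ == "__main__":
    crafted = build_request(build_oversized_title())
    print("crafted body size:", len(crafted.data), "bytes")
    print("before limit-check, field only:",
          handle_post_create({TITLE_FIELD: build_oversized_title()}))
    print("with Content-Length cap:",
          handle_post_create({TITLE_FIELD: "x"}, content_length=len(crafted.data)))
    print("normal title:", handle_post_create({TITLE_FIELD: "Hello world"}))
```

The handler applies two independent limits. The Content-Length cap is what actually protects the process, because a field-level check only runs after the whole body has been read and decoded; the field-level check then enforces the 1000-character recommendation and additionally bounds the encoded size so that multibyte input cannot bypass a character count.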
