Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-582p-2fpg-x226: Microweber vulnerable to command injection

microweber/microweber prior to 1.3.3 is vulnerable to command injection in the “first name” field. This allows for server-side template injection, which can lead to arbitrary code execution.

ghsa
#web#git

Microweber vulnerable to command injection

Moderate severity GitHub Reviewed Published Apr 5, 2023 to the GitHub Advisory Database • Updated Apr 6, 2023

Related news

CVE-2023-1877: RCE by Server Side Template Injection in microweber

Command Injection in GitHub repository microweber/microweber prior to 1.3.3.