Headline
GHSA-582p-2fpg-x226: Microweber vulnerable to command injection
microweber/microweber prior to 1.3.3 is vulnerable to command injection in the “first name” field. This allows for server-side template injection, which can lead to arbitrary code execution.
Microweber vulnerable to command injection
Moderate severity GitHub Reviewed Published Apr 5, 2023 to the GitHub Advisory Database • Updated Apr 6, 2023
Related news
CVE-2023-1877: RCE by Server Side Template Injection in microweber
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.