module
Microweber CMS v1.2.10 Local File Inclusion (Authenticated)
| Disclosed |
|---|
| Jan 30, 2022 |
Disclosed
Jan 30, 2022
Description
Microweber CMS v1.2.10 has a backup functionality. Upload and download endpoints can be combined to read any file from the filesystem.
Upload function may delete the local file if the web service user has access.
Upload function may delete the local file if the web service user has access.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.