Описание
Microweber vulnerable to command injection
microweber/microweber prior to 1.3.3 is vulnerable to command injection in the "first name" field. This allows for server-side template injection, which can lead to arbitrary code execution.
Пакеты
Наименование
microweber/microweber
composer
Затронутые версииВерсия исправления
< 1.3.3
1.3.3
Связанные уязвимости
CVSS3: 9.8
nvd
почти 3 года назад
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.