Exploit for Microweber <1.1.20 - Information Disclosure (CVE-2020-13405)

Description:

Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.

Nuclei Template

View the template here: CVE-2020-13405.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-13405.yaml

References:

https://github.com/merlinepedra/RHINOECURITY-CVEs
https://github.com/mrnazu/CVE-2020-13405
https://rhinosecuritylabs.com/research/microweber-database-disclosure/
https://nvd.nist.gov/vuln/detail/CVE-2020-13405
https://github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6