Arbitrary File Upload Vulnerability in Microweber 1.1.3: Exploiting the Settings Upload Picture Section

Arbitrary File Upload Vulnerability in Microweber 1.1.3: Exploiting the Settings Upload Picture Section

CVE-2021-36461 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.

Learn more about our Web App Pen Testing.