huntr report 880D1171-3F82-490F-9A69-90324832DCBC by vishalvishw10 (www.huntr.dev)
History: Mar 14, 2022 - 9:31 p.m.

The microweber application allows an unbounded number of characters to be inserted into the "SKU" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in microweber/microweber.


EPSS: 0.004 (Low), percentile 75.0%

Go to the add-product page at http://site.com/admin/product/create
Click on "Create new product".
There will be an option called SKU.
Fill the input field with a huge number of characters (more than 1 lakh, i.e. 100,000).
Copy the payload below, paste it into the input field and click Continue.
You will see that the application accepts the large input, and if the number of characters is increased further it can lead to DoS.

Download the payload from here:
https://drive.google.com/file/d/1mQ_RMqcWiKuzRL_sQ0LfeKCboOd3WcYP/view?usp=sharing

Video & Image POC:
https://drive.google.com/drive/folders/1Y4prHy4EWlJBaleOAyeN82lQeb4JaAca?usp=sharing

Patch recommendation:
The post title input should be limited to 500 characters, or at most 1000 characters.
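One way to apply the recommended limit server-side, as an added example in plain PHP that is not Microweber's own code: the constants, function names, body-size cap and allowed-character set are assumptions, and the mbstring extension is assumed to be available.

```php
<?php
// Added example, not Microweber's own code: enforce a server-side length
// cap on the product SKU field, as the patch recommendation above suggests.
// Constants, function names and the allowed-character set are assumptions.

const SKU_MAX_LENGTH = 500;           // cap recommended in the report
const PRODUCT_BODY_MAX_BYTES = 65536; // assumed cap for the whole form body

/**
 * Cheap first gate: a product form whose body is far larger than any
 * legitimate submission is refused before it is parsed, so an oversized
 * SKU never reaches validation, the ORM or the database.
 */
function reject_oversized_request(int $contentLength): bool
{
    return $contentLength > PRODUCT_BODY_MAX_BYTES;
}

/**
 * Field-level check. Returns a list of error messages; an empty list means
 * the SKU is accepted. mb_strlen counts characters rather than bytes, so a
 * multibyte SKU is not cut short while an ASCII flood is still rejected.
 */
function validate_sku(string $sku): array
{
    $errors = [];
    if (mb_strlen($sku, 'UTF-8') > SKU_MAX_LENGTH) {
        $errors[] = sprintf('SKU must be at most %d characters.', SKU_MAX_LENGTH);
    }
    // Restrict the alphabet as well: letters, digits, '-', '_', '.', '/' and space.
    if (!preg_match('/^[\p{L}\p{N}\-_.\/ ]*\z/u', $sku)) {
        $errors[] = 'SKU contains characters that are not allowed.';
    }
    return $errors;
}

// Constructed inputs: a normal SKU and a 100,000-character flood of the kind
// described in the report.
$samples = [
    'normal' => 'ABC-12345',
    'flood'  => str_repeat('A', 100000),
];

foreach ($samples as $label => $sku) {
    $errors = validate_sku($sku);
    printf("%s: %s\n", $label, $errors ? implode(' ', $errors) : 'accepted');
    printf("%s: body gate %s\n", $label,
        reject_oversized_request(strlen($sku)) ? 'rejected' : 'passed');
}
```

The body-size gate is usually enforced even earlier at the web server or reverse proxy, which also keeps the database column length (for example a VARCHAR sized to the same cap) consistent with what the application accepts.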
References
https://vulners.com/cve/CVE-2022-25062

