The microweber application allows large characters to insert in the input field "SKU" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in microweber/microweber

Valid

Reported on

Mar 14th 2022


Go to add post http://site.com/admin/product/create click on create new product There will a option called SKU Fill the input field with huge characters, (more than 1 lakh) Copy the below payload and put it in the input fields and click on continue. You will see the application accepts large characters and if we will increase the characters then it can lead to Dos

Download the payload from here: https://drive.google.com/file/d/1mQ_RMqcWiKuzRL_sQ0LfeKCboOd3WcYP/view?usp=sharing

Video & Image POC: https://drive.google.com/drive/folders/1Y4prHy4EWlJBaleOAyeN82lQeb4JaAca?usp=sharing

Patch recommendation: The post title input should be limited to 500 characters or max 1000 characters. References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25062 .

We are processing your report and will contact the microweber team within 24 hours. 2 months ago
Bozhidar Slaveykov modified the report
2 months ago
Bozhidar Slaveykov validated this vulnerability 2 months ago
Vishal Vishwakarma has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bozhidar Slaveykov confirmed that a fix has been merged on 7eff34 2 months ago
Bozhidar Slaveykov has been awarded the fix bounty
Vishal
2 months ago

Researcher


can you please registar this cve

Vishal
2 months ago

Researcher


Awesome, Thanks, Hi @admin , could i request a cve for this bug?

Jamie Slome
2 months ago

Admin


Before we proceed with a CVE, we just need to confirm that the maintainer is happy to proceed as well.

@maintainer, are you happy to assign and publish a CVE for this report?

Vishal
2 months ago

Researcher


any update ?

Vishal
2 months ago

Researcher


any update @bobimicroweber @maintainer

Vishal
13 days ago

Researcher


any update @jamieslome

Vishal
13 days ago

Researcher


@admin

Vishal
13 days ago

Researcher


@admin As the fix has been deployed can you assign and publish a CVE for this report?

Jamie Slome
13 days ago

Admin


@vishalvishw10 - as this report has a severity of None, I think it assigning and publishing a CVE for this report is unwarranted.

Vishal
13 days ago

Researcher


@admin I don't think my report severity is none because some one has reported same vulnerability in different end but he got his cve please check https://huntr.dev/bounties/cdf00e14-38a7-4b6b-9bb4-3a71bf24e436/

Jamie Slome
12 days ago

Admin


Ultimately it is up to the maintainer what they perceive the severity to be, as we generally do not take a position on this.

We believe that the maintainer is best placed to understand this 👍

to join this conversation