7.5
CVE-2026-12198
- EPSS 0.53%
- Veröffentlicht 15.06.2026 00:16:43
- Zuletzt bearbeitet 15.06.2026 20:42:32
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Microweber API Endpoint thumbnail_img userfiles_path path traversal
A weakness has been identified in Microweber up to 2.0.20. This affects the function userfiles_path of the file /api_nosession/thumbnail_img of the component API Endpoint. Executing a manipulation of the argument cache_path_relative can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellern/a
≫
Produkt
Microweber
Version
2.0.0
Status
affected
Version
2.0.1
Status
affected
Version
2.0.2
Status
affected
Version
2.0.3
Status
affected
Version
2.0.4
Status
affected
Version
2.0.5
Status
affected
Version
2.0.6
Status
affected
Version
2.0.7
Status
affected
Version
2.0.8
Status
affected
Version
2.0.9
Status
affected
Version
2.0.10
Status
affected
Version
2.0.11
Status
affected
Version
2.0.12
Status
affected
Version
2.0.13
Status
affected
Version
2.0.14
Status
affected
Version
2.0.15
Status
affected
Version
2.0.16
Status
affected
Version
2.0.17
Status
affected
Version
2.0.18
Status
affected
Version
2.0.19
Status
affected
Version
2.0.20
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.401 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 5.5 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://github.com/microweber/microweber/
https://github.com/microweber/microweber/issues/1172
https://github.com/whuHouYF/microweber-vuldb-disclosure-2026/blob/991630c494a99c70a96e456992a04de2ecb5a1e1/reports/microweber-path-traversal.md
https://vuldb.com/cve/CVE-2026-12198
https://vuldb.com/submit/829596
https://vuldb.com/vuln/370841
https://vuldb.com/vuln/370841/cti