What is the severity of CVE-2022-1631?

The severity of CVE-2022-1631 is high.

Which software version is affected by CVE-2022-1631?

Version 1.2.15 of Microweber is affected by CVE-2022-1631.

Are there any fixes available for CVE-2022-1631?

Yes, there is a fix available for CVE-2022-1631. It is recommended to update to a version higher than 1.2.15 of Microweber.

Where can I find more information about CVE-2022-1631?

You can find more information about CVE-2022-1631 on the following references: [link1], [link2], [link3].

Vulnerability/
CVE-2022-1631

high

8.8

CWE

863 284

9/5/2022

19/10/2022

CVE-2022-1631

Q: How can an attacker exploit CVE-2022-1631?

An attacker can exploit CVE-2022-1631 by creating an account in the application using the victim's email, allowing them to gain access to the victim's account.

First published: Mon May 09 2022(Updated: )

Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee’s account.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
Microweber Microweber	<1.2.15

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-1631?
The severity of CVE-2022-1631 is high.
Which software version is affected by CVE-2022-1631?
Version 1.2.15 of Microweber is affected by CVE-2022-1631.
How can an attacker exploit CVE-2022-1631?
An attacker can exploit CVE-2022-1631 by creating an account in the application using the victim's email, allowing them to gain access to the victim's account.
Are there any fixes available for CVE-2022-1631?
Yes, there is a fix available for CVE-2022-1631. It is recommended to update to a version higher than 1.2.15 of Microweber.
Where can I find more information about CVE-2022-1631?
You can find more information about CVE-2022-1631 on the following references: [link1], [link2], [link3].

collector/nvd-index
agent/references
agent/weakness
agent/severity
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/first-publish-date
vendor/microweber
canonical/microweber microweber

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.