CVE-2022-0557: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

February 12, 2022 (updated February 26, 2022)

OS Command Injection in Packagist microweber/microweber prior to 1.2.11.

References

packetstormsecurity.com/files/166077/Microweber-1.2.11-Shell-Upload.html
github.com/advisories/GHSA-vm37-j55j-8655
github.com/microweber/microweber/commit/0a7e5f1d81de884861ca677ee1aaac31f188d632
huntr.dev/bounties/660c89af-2de5-41bc-aada-9e4e78142db8
nvd.nist.gov/vuln/detail/CVE-2022-0557

Detect and mitigate CVE-2022-0557 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →