Leaking error content at upload file in microweber/microweber
Jun 8th 2023
1/ Access the demo website and go to https://demo.microweber.org/demo/admin/content/21/edit
2/ The page has a file upload function; upload a file to trigger the error. It also accepts ZIP files, which should not be allowed here.
Proof of Concept
Link PoC: https://drive.google.com/file/d/1e9DS3Q-RGC0HlY_AzcDYCz5W5x9CqtQd/view?usp=sharing
An attacker can use the error content to obtain information about the application.
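A mitigation sketch for both issues in this report, added here as an example and not taken from microweber's code: the upload is checked against an allowlist (so ZIP is rejected), and any failure is logged server-side while the client receives only a generic message and a reference id. The function names, the allowlist contents and the storage directory are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not microweber code. Names, allowlist and paths are assumed.
const ALLOWED_UPLOADS = [            // extension => expected MIME type
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

/** Validate one $_FILES entry; throws if it falls outside the allowlist. */
function validateUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new InvalidArgumentException('upload error code ' . ($file['error'] ?? 'missing'));
    }
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_UPLOADS)) {
        throw new InvalidArgumentException("extension not allowed: $ext");  // e.g. zip
    }
    // Inspect the file content; the client-supplied Content-Type is untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_UPLOADS[$ext]) {
        throw new InvalidArgumentException("content does not match .$ext");
    }
    return $ext;
}

/** Handle the upload: details go to the server log, the client gets a reference id. */
function handleUpload(array $file, string $storageDir): array
{
    try {
        $ext  = validateUpload($file);
        $name = bin2hex(random_bytes(16)) . '.' . $ext;   // never reuse the client file name
        if (!move_uploaded_file($file['tmp_name'], $storageDir . '/' . $name)) {
            throw new RuntimeException('could not move file into ' . $storageDir);
        }
        return ['status' => 200, 'body' => ['file' => $name]];
    } catch (Throwable $e) {
        $ref = bin2hex(random_bytes(8));
        // Exception class, message, file and line stay in the server log only.
        error_log(sprintf('[upload %s] %s: %s at %s:%d', $ref, get_class($e),
            $e->getMessage(), $e->getFile(), $e->getLine()));
        $status = $e instanceof InvalidArgumentException ? 400 : 500;
        return ['status' => $status, 'body' => ['error' => 'Upload failed', 'ref' => $ref]];
    }
}
```

The reference id lets support staff find the full error in the log without exposing it in the response; in production PHP, `display_errors` should also be off so uncaught errors are not rendered to the client.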