What is CVE-2020-13405?

CVE-2020-13405 is a vulnerability in N/a. Published 2020-07-16.

Is CVE-2020-13405 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-13405

userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.

EPSS: 0.533 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

mrnazu/CVE-2020-13405
Moniruzzaman995/CVE-2020-13405
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
H4cksploit/CVEs-master
RhinoSecurityLabs/CVEs
alphaSeclab/sec-daily-2020
merlinepedra/RHINOECURITY-CVEs
merlinepedra25/RHINOSECURITY-CVEs

References

github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6 (x_refsource_MISC)
rhinosecuritylabs.com/research/microweber-database-disclosure/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-13405?: CVE-2020-13405 is a vulnerability in N/a. Published 2020-07-16.
Is CVE-2020-13405 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.