{"id":"CVE-2018-17104","details":"An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user.","modified":"2026-03-15T22:20:00.386033Z","published":"2018-09-16T21:29:02.173Z","references":[{"type":"REPORT","url":"https://github.com/microweber/microweber/issues/483"},{"type":"REPORT","url":"https://github.com/microweber/microweber/issues/484"},{"type":"FIX","url":"https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/microweber/microweber","events":[{"introduced":"0"},{"last_affected":"ac330b03362766789f3e9caa8fa0618b1fdc3517"},{"fixed":"982ea9d5efb7d2306a05644ebc3469dadb33767e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.7"}]}}],"versions":["1.0.3","1.0.5-fix1","1.0.6","1.0.7","1.0.7-fix1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17104.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}