What the vulnerability does
01Description
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0777
HIGH
CVE-2022-0777: Weak Password Recovery Mechanism for Forgotten Password in microweber/microweber
CVSS base score
7.3/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Key dates
02Disclosure timeline
March 1, 2022
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-50635 LimeSurvey Password Reset Host Header Injection Discloses Reset Token
CVE-2025-2093 PHPGurukul Online Library Management System change-password.php password recovery
CVE-2015-10071 gitter-badger ezpublish-modern-legacy forgotpassword.php password recovery
CVE-2025-52560 Kanboard Password Reset Poisoning via Host Header Injection
CVE-2021-36804 Akaunting Password Reset Relay
