
CVE-2022-2368: Microweber before 1.2.21 allows attacker to bypass IP detection to brute-force password

CVSS Score: 6.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.03584%
Published: 7/12/2022
Updated: 7/3/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Package Name: microweber/microweber
Ecosystem: composer
Vulnerable Versions: < 1.2.21
First Patched Version: 1.2.21

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper IP validation in the login mechanism. The patch adds a server-side IP check using $_SERVER['REMOTE_ADDR'], which indicates that the original implementation relied only on client-controlled request headers to identify the client IP. The login function (::login) was modified to add this check, confirming that it was the vulnerable entry point: a spoofed header let a client change the IP the rate limiter keyed on and so bypass the failed-login lockout. The commit message and the CWE-290 (Authentication Bypass by Spoofing) classification both point to authentication bypass via header spoofing in the login process.
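As an added illustration (not Microweber's code or the patch itself): a login lockout keyed on the client IP, showing the header-trusting resolver the analysis describes beside a hardened one that starts from $_SERVER['REMOTE_ADDR'] and honours X-Forwarded-For only when the TCP peer is a known reverse proxy. The trusted-proxy address, the attempt limit of 5 and the sample requests are constructed assumptions.

```php
<?php
// Added example, not Microweber's code: a login lockout keyed on the client IP.
// The weak resolver trusts a header the client sets; the hardened one starts from
// REMOTE_ADDR, which the web server fills in from the TCP connection.

// Weak: X-Forwarded-For is client-controlled, so the lockout key is client-chosen.
function clientIpWeak(array $server): string
{
    return $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'];
}

// Hardened: use REMOTE_ADDR, and read X-Forwarded-For only when the TCP peer is a
// known reverse proxy. The proxy address here is an assumption for the example.
function clientIp(array $server, array $trustedProxies = ['10.0.0.5']): string
{
    $remote = $server['REMOTE_ADDR'];
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: the rightmost entry that is not one of our proxies was
    // appended by a hop we trust; anything further left was supplied by the client.
    for ($i = count($chain) - 1; $i >= 0; $i--) {
        if (filter_var($chain[$i], FILTER_VALIDATE_IP) && !in_array($chain[$i], $trustedProxies, true)) {
            return $chain[$i];
        }
    }
    return $remote;
}

// Failed-attempt counter per resolved IP. $store stands in for the database
// table a real application would use; the limit of 5 is an assumed value.
function loginAllowed(array &$store, string $ip, int $limit = 5): bool
{
    $store[$ip] = ($store[$ip] ?? 0) + 1;
    return $store[$ip] <= $limit;
}

// Constructed requests: one TCP peer that is not a proxy, sending a different
// X-Forwarded-For value on every attempt.
$weakStore = [];
$hardStore = [];
for ($n = 1; $n <= 7; $n++) {
    $req = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => "198.51.100.$n"];
    $weak = loginAllowed($weakStore, clientIpWeak($req)); // a fresh key each time, so the counter never reaches the limit
    $hard = loginAllowed($hardStore, clientIp($req));     // the same key each time, so the lockout applies
    printf("attempt %d: weak allows=%s, hardened allows=%s\n",
        $n, var_export($weak, true), var_export($hard, true));
}
```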


WAF Protection Rules

WAF Rule

In the login API, an IP address will by default be blocked when the user tries to log in incorrectly more than * times. However, a bypass to this mechanism is possible by abusing an X-Forwarded-For header to bypass IP detection and perform a password *
