CVE-2022-0724: 
PHP vulnerability analysis and mitigation

CVE-2022-0724 affects the GitHub repository microweber/microweber versions prior to 1.3. The vulnerability is classified as Insecure Storage of Sensitive Information, identified and tracked as CWE-922. The issue was disclosed on February 23, 2022 (NVD).

The vulnerability has received varying CVSS severity ratings from different sources. The NVD assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, while huntr.dev assessed it as CRITICAL with a score of 9.1 and vector CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. Under CVSS v2.0, it received a Base Score of 4.0 (MEDIUM) with vector (AV:N/AC:L/Au:S/C:P/I:N/A:N) (NVD).

The vulnerability allows unauthorized access to sensitive information stored in the GitHub repository. The high confidentiality impact rating in the CVSS scores indicates that the vulnerability could lead to significant disclosure of sensitive data (NVD).

The vulnerability has been patched in version 1.3 of microweber/microweber. Users should upgrade to this version or later to mitigate the risk. A fix was implemented through a commit that addresses the insecure storage issue (GitHub Patch).