Webitr
by Uniong
CVEs (11)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-13771 | 0.00 | — | 0.00 | Nov 28, 2025 | WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | ||
| CVE-2025-13770 | 0.00 | — | 0.00 | Nov 28, 2025 | WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||
| CVE-2025-13769 | 0.00 | — | 0.00 | Nov 28, 2025 | WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||
| CVE-2025-13768 | 0.00 | — | 0.00 | Nov 28, 2025 | WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability. | ||
| CVE-2025-9259 | 0.00 | — | 0.00 | Aug 22, 2025 | WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. | ||
| CVE-2025-9258 | 0.00 | — | 0.00 | Aug 22, 2025 | WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. | ||
| CVE-2025-9257 | 0.00 | — | 0.00 | Aug 22, 2025 | WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. | ||
| CVE-2025-9256 | 0.00 | — | 0.00 | Aug 22, 2025 | WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. | ||
| CVE-2025-9255 | 0.00 | — | 0.00 | Aug 22, 2025 | WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||
| CVE-2025-9254 | 0.00 | — | 0.00 | Aug 22, 2025 | WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality. | ||
| CVE-2024-8586 | 0.00 | — | 0.00 | Sep 9, 2024 | WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks. |
- CVE-2025-13771Nov 28, 2025risk 0.00cvss —epss 0.00
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
- CVE-2025-13770Nov 28, 2025risk 0.00cvss —epss 0.00
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
- CVE-2025-13769Nov 28, 2025risk 0.00cvss —epss 0.00
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
- CVE-2025-13768Nov 28, 2025risk 0.00cvss —epss 0.00
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.
- CVE-2025-9259Aug 22, 2025risk 0.00cvss —epss 0.00
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
- CVE-2025-9258Aug 22, 2025risk 0.00cvss —epss 0.00
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
- CVE-2025-9257Aug 22, 2025risk 0.00cvss —epss 0.00
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
- CVE-2025-9256Aug 22, 2025risk 0.00cvss —epss 0.00
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
- CVE-2025-9255Aug 22, 2025risk 0.00cvss —epss 0.00
WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
- CVE-2025-9254Aug 22, 2025risk 0.00cvss —epss 0.00
WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.
- CVE-2024-8586Sep 9, 2024risk 0.00cvss —epss 0.00
WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks.