Uniong WebITR vulnerabilities
11 known vulnerabilities affecting uniong/webitr.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 8
Vulnerabilities
CVE-2025-9254 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 2_1_0_33 | affected ≤ 2_1_0_32 | 2025-08-22
WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.
nvd
CVE-2025-13768 | P3 | HIGH | CVSS 8.8 | CWE-639 | fixed in 2_1_0_34 | affected ≤ 2_1_0_33 | 2025-11-28
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.
nvd
CVE-2025-9255 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 2_1_0_33 | affected ≤ 2_1_0_32 | 2025-08-22
WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
nvd
CVE-2025-13769 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | fixed in 2_1_0_34 | affected ≤ WebITR 2_1_0_33 | 2025-11-28
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
nvd
CVE-2025-13770 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | fixed in 2_1_0_34 | affected ≤ WebITR 2_1_0_33 | 2025-11-28
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
nvd
CVE-2025-13771 | P3 | MEDIUM | CVSS 6.5 | CWE-23 | fixed in 2_1_0_34 | affected ≤ 2_1_0_33 | 2025-11-28
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
nvd
CVE-2025-9257 | P3 | MEDIUM | CVSS 6.5 | CWE-36 | fixed in 2_1_0_33 | affected ≤ 2_1_0_32 | 2025-08-22
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
nvd
CVE-2025-9259 | P3 | MEDIUM | CVSS 6.5 | CWE-36 | fixed in 2_1_0_33 | affected ≤ 2_1_0_32 | 2025-08-22
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
nvd
CVE-2025-9258 | P3 | MEDIUM | CVSS 6.5 | CWE-36 | fixed in 2_1_0_33 | affected ≤ 2_1_0_32 | 2025-08-22
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
nvd
CVE-2025-9256 | P3 | MEDIUM | CVSS 6.5 | CWE-36 | fixed in 2_1_0_33 | affected ≤ 2_1_0_32 | 2025-08-22
WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
nvd
CVE-2024-8586 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 2_1_0_28 | affected ≤ 2_1_0_27 | 2024-09-09
WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks.
nvd