CVE-2025-13768

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability...

CVE-2025-13771

CVE-2025-13771 concerns WebITR, a system from Uniong. The vulnerability is an Arbitrary File Read caused by a Relative Path Traversal flaw, allowing authenticated remote attackers to download arbitrary system files. Affected details are consistently described across Red Hat, NVD, CIRCL, ENISA EUV...

CVE-2025-13769 Uniong｜WebITR - SQL Injection

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-9257

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-9255

WebITR by Uniong is affected by a SQL injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands and read database contents. The available documents consistently describe this as a SQL injection issue in the WebITR system, without providing concrete deta...