
9 matches found

NVD
added 2019/06/20 2:15 p.m., 18 views

CVE-2018-16251

A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters...

CVSS 4.3, AI score 4.9, EPSS 0.00931
Exploits: 1, References: 1

Prion
added 2019/06/20 2:15 p.m., 8 views

Cross site scripting

The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first name" and "last name" parameters...

CVSS 3.5, AI score 5.3, EPSS 0.00619
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2019/06/20 2:15 p.m., 12 views

Design/Logic Flaw

A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters...

CVSS 4, AI score 5, EPSS 0.00931
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/09/10 4:29 a.m., 11 views

Cross site scripting

wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page...

CVSS 3.5, AI score 4.8, EPSS 0.0067
Exploits: 1, References: 1, Affected Software: 1

exploitpack
added 2018/08/02 12:00 a.m., 20 views

WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)

WityCMS 0.6.2 - Cross-Site Request Forgery Password Change input type="hidden" name="groupe"...

CVSS 6.8, AI score 0.6, EPSS 0.02513
Exploits: 5

0day.today
added 2018/08/02 12:00 a.m., 42 views

WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change) Vulnerability

Exploit for php platform in category web applications i...

EPSS 0.02513
Exploits: 5

Exploit DB
added 2018/08/02 12:00 a.m., 30 views

WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)

input t...

CVSS 8.8, AI score 8.8, EPSS 0.02513
Exploits: 5

CVE
added 2018/07/13 2:00 a.m., 59 views

CVE-2018-14029

CVE-2018-14029 : CSRF in the WityCMS 0.6.2 admin/user/edit flow allows an attacker to take over a user account by modifying user data (e.g., email, password). The vulnerability stems from cross-site request forgery in the admin interface, with CVSSv3 base score 8.8 (HIGH) and user interaction req...

CVSS 8.8, AI score 8.4, EPSS 0.02513
Exploits: 5, References: 2, Affected Software: 1

Prion
added 2018/06/08 12:29 p.m., 16 views

Remote file inclusion

A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (and execute PHP code) or read non-PHP files by replacing a helper.json file...

CVSS 7.5, AI score 9, EPSS 0.02566
Exploits: 1, References: 2, Affected Software: 1