7 matches found
CVE-2018-16250
CVE-2018-16250 affects Creatiwity wityCMS 0.6.2. The vulnerability lies in the utilisateur menu where XSS is introduced at two input points for user information (first name and last name). Several sources (CNVD-2019-19292, RH:CVE, NVD entry) describe it as lack of proper validation of client-side...
CVE-2018-16251
CVE-2018-16251 : In Creatiwity wityCMS 0.6.2, an injection vulnerability exists in the administrator user discovery path via the Utillisateur menu. The issue arises because several user-related inputs (Nickname, email, firstname, lastname, groupe) are not filtered in the /admin/user/users interfa...
CVE-2022-29725
The CVE-2022-29725 entry concerns Creatiwity wityCMS 0.6.2, where an arbitrary file upload in the image upload component enables code execution via a crafted PHP file. Documents indicate this is exploitable over the network with low complexity and no user interaction, potentially causing high-imp...
CVE-2018-14029
CVE-2018-14029 : CSRF in the WityCMS 0.6.2 admin/user/edit flow allows an attacker to take over a user account by modifying user data (e.g., email, password). The vulnerability stems from cross-site request forgery in the admin interface, with CVSSv3 base score 8.8 (HIGH) and user interaction req...
CVE-2018-11512
Creatiwity wityCMS 0.6.1 is affected by a stored XSS in the Settings > General page, in the Website’s name field. The vulnerability occurs via an authenticated POST to admin/settings/general, allowing an attacker to inject arbitrary script/HTML that may be reflected to users. Public references...
CVE-2018-12065
CVE-2018-12065 describes a Local File Inclusion in Creatiwity wityCMS 0.6.2. The vuln occurs in /system/WCore/WHelper.php where an attacker can replace helper.json to include local PHP files (potentially executing PHP code) or read non-PHP files. Multiple connected sources corroborate this LFI at...
CVE-2018-16776
CVE-2018-16776 affects wityCMS 0.6.2 with a reflected XSS via the Site Name field on the Contact Configuration page. The connected documents confirm the vulnerability but do not provide exploitation details, specific root cause analysis, affected versions beyond 0.6.2, or remediation steps. No in...