Witycms@0.6.2 Security Vulnerabilities and Issues — Witycms@0.6.2 CVE List

Lucene search

CreatiwityWitycms0.6.2

6 matches found

CVE•added 2019/06/20 2:15 p.m.•72 views

CVE-2018-16250

The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first name" and "last name" parameters.

5.4CVSS5.3AI score0.00191EPSS

CVE•added 2019/06/20 2:15 p.m.•72 views

CVE-2018-16251

A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters.

4.3CVSS4.9AI score0.00235EPSS

CVE•added 2018/07/13 2:29 a.m.•49 views

CVE-2018-14029

CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.

8.8CVSS8.4AI score0.00245EPSS

CVE•added 2022/06/02 2:15 p.m.•44 views

CVE-2022-29725

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.

8.8CVSS8.8AI score0.00366EPSS

CVE•added 2018/06/08 12:29 p.m.•32 views

CVE-2018-12065

A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file.

9.8CVSS9AI score0.00769EPSS

CVE•added 2018/09/10 4:29 a.m.•24 views

CVE-2018-16776

wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page.

4.8CVSS4.8AI score0.00235EPSS