Witycms@0.6.2 Security Vulnerabilities and Issues — Witycms@0.6.2 CVE List

Lucene search

CreatiwityWitycms0.6.2

3 matches found

CVE•added 2018/07/13 2:29 a.m.•49 views

CVE-2018-14029

CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.

8.8CVSS8.4AI score0.00245EPSS

CVE•added 2018/06/08 12:29 p.m.•32 views

CVE-2018-12065

A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file.

9.8CVSS9AI score0.00769EPSS

CVE•added 2018/09/10 4:29 a.m.•24 views

CVE-2018-16776

wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page.

4.8CVSS4.8AI score0.00235EPSS