CVE-2025-13768

High CVSS: 7.7

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.

Vendor

Uniong

Product

Webitr

CWE

CWE-639

Yayın Tarihi

2025-11-28 08:15:52

Güncelleme

2025-12-01 14:39:31

Source Identifier

twcert@cert.org.tw

KEV Date Added

Kategoriler

CWE-639 Webitr HIGH Uniong 2025

Referanslar

https://www.twcert.org.tw/en/cp-139-10539-21f45-2.html https://www.twcert.org.tw/tw/cp-132-10538-6a26d-1.html

Benzer Kayıtlar

High

CVE-2025-13771

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit…

High

CVE-2025-13769

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrar…

High

CVE-2025-13770

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrar…

High

CVE-2025-9255

WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitr…

High

CVE-2025-9256

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privilege…

High

CVE-2025-9257

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privilege…