CVE-2025-9256

High CVSS: 7.1

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

Vendor

Uniong

Product

Webitr

CWE

CWE-36

Yayın Tarihi

2025-08-22 12:15:34

Güncelleme

2025-11-06 22:06:26

Source Identifier

twcert@cert.org.tw

KEV Date Added

Kategoriler

CWE-36 Webitr HIGH Uniong 2025

Referanslar

https://www.twcert.org.tw/en/cp-139-10329-a1c5d-2.html https://www.twcert.org.tw/tw/cp-132-10328-dbc35-1.html

Benzer Kayıtlar

High

CVE-2025-13771

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit…

High

CVE-2025-13769

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrar…

High

CVE-2025-13770

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrar…

High

CVE-2025-13768

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log in…

High

CVE-2025-9255

WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitr…

High

CVE-2025-9257

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privilege…