MidnightBSD

Advisories for uniong

CVE-2025-13768

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
uniong webitr *
CVE-2025-13769

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
uniong webitr *
CVE-2025-13770

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
uniong webitr *
CVE-2025-13771

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
uniong webitr *
CVE-2025-9254

WebITR developed by Uniong has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
uniong webitr *
CVE-2025-9255

WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
uniong webitr *
CVE-2025-9256

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
uniong webitr *
CVE-2025-9257

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
uniong webitr *
CVE-2025-9258

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
uniong webitr *
CVE-2025-9259

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
uniong webitr *