Every CVE whose affected-product data names Creatiwity Witycms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-12065 — CVSS 9.8 (critical): A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP…
CVE-2022-29725 — CVSS 8.8 (high): An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2018-14029 — CVSS 8.8 (high): CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by…
CVE-2018-16250 — CVSS 5.4 (medium): The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first…
CVE-2018-11512 — CVSS 4.8 (medium): Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in…
CVE-2018-16251 — CVSS 4.3 (medium): A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are…