CNNVD-202511-2984 Information

CNNVD ID

CNNVD-202511-2984

Related CVE

CVE-2025-13768

• CNNVD Published: 2025-11-28

Description (Chinese)

Uniong WebITR是中国凯发（Uniong）公司的一款在线考勤系统。 Uniong WebITR存在安全漏洞，该漏洞源于身份验证绕过，允许远程攻击者通过修改特定参数以任意用户身份登录。

Description (English)

Uniong WebITR is an online attendance system of Uniong China. There is a security loophole in Uniong WebITr, which originates from a circumvention of identification, allowing remote assailants to log in as random users by modifying specific parameters.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

凯发

Published

2025-11-28

Last Modified

2026-02-24

References

https://www.twcert.org.tw/en/cp-139-10539-21f45-2.html https://www.twcert.org.tw/tw/cp-132-10538-6a26d-1.html https://access.redhat.com/security/cve/cve-2025-13768

Patch

https://www.uniong.com.tw/public/index/