CVE-2018-12065

Name of the Vulnerable Software and Affected Versions Creatiwity wityCMS version 0.6.2

Description A Local File Inclusion issue in the /system/WCore/WHelper.php file allows remote attackers to include local PHP files, which can lead to the execution of PHP code, or read non-PHP files by replacing a helper.json file.

Recommendations For Creatiwity wityCMS version 0.6.2, consider restricting access to the /system/WCore/WHelper.php file until a patch is available. As a temporary workaround, avoid using the vulnerable helper.json file replacement mechanism to minimize the risk of exploitation.