Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt...
8.8CVSS
9AI Score
0.002EPSS
Sunnet eHRD e-mail delivery task scheduleโs serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt...
8.8CVSS
8.9AI Score
0.003EPSS
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system...
7.5CVSS
7.5AI Score
0.003EPSS
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS...
6.1CVSS
6AI Score
0.001EPSS
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and...
8.1CVSS
6.4AI Score
0.001EPSS
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential...
7.5CVSS
7.5AI Score
0.001EPSS