SUNNET WMPro Operating System Command Injection Vulnerability

SUNNET SUNNET WMPro is an online learning platform from Taiwan-based SUNNET. An OS command injection vulnerability exists in SUNNET WMPro V5, which is caused by insufficient filtering of user input in the file management function, resulting in an OS command injection vulnerability...

SUNNET WMPro SQL Injection Vulnerability

SUNNET SUNNET WMPro is a set of online learning platform from Taiwan-based SUNNET. A SQL injection vulnerability exists in SUNNET WMPro V5, which is caused by insufficient filtering of user input in the FAQ function, resulting in a SQL injection vulnerability...

CVE-2019-11062

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

Command injection

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

CVE-2019-11062 SUNNET WMPro v5.0 and v5.1 has OS Command Injection

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

CVE-2019-11062

The CVE-2019-11062 entry affects SUNNET WMPro v5.0 and v5.1 for the eLearning system. Affected component: the API endpoint /teach/course/doajaxfileupload.php, where OS Command Injection is possible. Root cause described as unauthenticated remote command execution on the target server. Impact is h...

PT-2019-12159 · Sunnet · Sunnet Wmpro

Name of the Vulnerable Software and Affected Versions: SUNNET WMPro versions 5.0 through 5.1 Description: The issue concerns an OS Command Injection vulnerability. It can be exploited via the "/teach/course/doajaxfileupload.php" API endpoint without requiring authentication. Recommendations: For...