204 matches found
CVE-2024-10438
The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities...
CVE-2024-10439
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
CVE-2024-10440
The eHRD CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-10440 Sunnet eHRD CTMS - SQL Injection
The eHRD CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-10440
Affected product: Sunnet eHRD CTMS. Vulnerability: SQL Injection allowing unauthenticated remote attackers to inject arbitrary SQL to read, modify, and delete database contents. Impact: High on confidentiality, integrity, and availability (CVSS v3.1 base score 9.8). References: TWCERT entries. Ex...
CVE-2024-10439 Sunnet eHRD CTMS - Insecure Direct Object Reference
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
CVE-2024-10438
Sunnet eHRD CTMS is affected by CVE-2024-10438, an authentication bypass vulnerability that enables unauthenticated remote access to certain functionalities. Public records (NVD/NVD mirrors) describe this as an authentication bypass with CVSSv3.1 metrics indicating Network attack vector, low comp...
CVE-2024-10438 Sunnet eHRD CTMS - Authentication Bypass
The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities...
Sunnet eHRD Security Vulnerability
Sunnet eHRD is a talent management system of China Sunnet Company. The system supports talent management and performance management, among others. A security vulnerability exists in Sunnet eHRD. A remote attacker can exploit the vulnerability to modify specific parameters to access arbitra...
Sunnet eHRD Security Vulnerability
Sunnet eHRD is a talent management system of China Sunnet Company. The system supports talent management and performance management, among others. A security vulnerability exists in Sunnet eHRD. An attacker can bypass authentication by exploiting the vulnerability...
Sunnet eHRD SQL Injection Vulnerability
Sunnet eHRD is a talent management system of China Sunnet Company. The system supports talent management and performance management, among others. Sunnet eHRD suffers from a SQL injection vulnerability. A remote attacker can exploit this vulnerability to read, modify, and delete database...
CVE-2023-35851
SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database...
CVE-2023-35850
SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...
Design/Logic Flaw
SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...
CVE-2023-35851 SUNNET WMPro - SQL Injection
SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database...