204 matches found
CVE-2023-35851 SUNNET WMPro - SQL Injection
SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database...
CVE-2023-35851
CVE-2023-35851 affects SUNNET WMPro portal, specifically the FAQ function. The vulnerability results from insufficient validation of user input, enabling an unauthenticated remote attacker to inject arbitrary SQL commands and obtain sensitive information from the database. This is described acros...
CVE-2023-35850 SUNNET WMPro - Command Injection
SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...
CVE-2023-35850
The CVE-2023-35850 case affects SUNNET WMPro portal's file management function. The vulnerability is caused by insufficient filtering of user input, enabling an OS command injection. A remote attacker with administrator or privileged access can inject and execute arbitrary system commands to perf...
PT-2023-25345 · Unknown · Sunnet Wmpro Portal
Name of the Vulnerable Software and Affected Versions: SUNNET WMPro portal (affected versions not specified). Description: The SUNNET WMPro portal's FAQ function has insufficient validation for user input, allowing an unauthenticated remote attacker to inject arbitrary SQL commands and obtain...
SUNNET WMPro Operating System Command Injection Vulnerability
SUNNET WMPro is an online learning platform from Taiwan-based SUNNET. An OS command injection vulnerability exists in SUNNET WMPro V5, caused by insufficient filtering of user input in the file management function...
SUNNET WMPro SQL Injection Vulnerability
SUNNET WMPro is an online learning platform from Taiwan-based SUNNET. A SQL injection vulnerability exists in SUNNET WMPro V5, caused by insufficient filtering of user input in the FAQ function...
CVE-2023-24836
SUNNET CTMS has a path traversal vulnerability within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service...
CVE-2023-24836
CVE-2023-24836 affects SUNNET CTMS. The vulnerability is a path traversal flaw in the file-uploading function that an authenticated remote attacker with general user privileges can exploit to upload and execute scripts in arbitrary directories, enabling arbitrary system operations or service disr...
SUNNET CTMS Path Traversal Vulnerability
SUNNET CTMS is a learning platform from Taiwan-based SUNNET Technology Corporation. SUNNET CTMS has a path traversal vulnerability that can be exploited by an authenticated, remote attacker with general user...
CVE-2023-24836 SUNNET CTMS - Path Traversal
SUNNET CTMS has a path traversal vulnerability within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service...
PT-2023-19816 · Unknown · Sunnet Ctms
Name of the Vulnerable Software and Affected Versions: SUNNET CTMS (affected versions not specified). Description: The issue is related to a path traversal vulnerability within the file uploading function of SUNNET CTMS. This allows an authenticated remote attacker with general user privileges to...
Sunnet eHRD Access Control Error Vulnerability
Sunnet eHRD is a talent management system from SunChat Technology, Taiwan, China. The system supports talent management and performance management, etc. Sunnet eHRD has an access control error vulnerability, which can be exploited by an attacker to access the account management page after...
Sunnet eHRD path traversal vulnerability
Sunnet eHRD is a talent management system from SunChat Technology Inc. of Taiwan, China. The system supports talent management and performance management, etc. Sunnet eHRD has a path traversal vulnerability, which can be exploited by attackers to conduct a path traversal attack to access restrict...
Sunnet eHRD Insecure Deserialization Vulnerability
Sunnet eHRD is a talent management system from Sun Chat Technology, Taiwan, China. The system supports talent management and performance management, etc. An insecure deserialization vulnerability exists in Sunnet eHRD, which stems from the inadequate input object validation and restriction of the...
CVE-2021-43360
The serialization function of Sunnet eHRD's e-mail delivery task schedule has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege to execute arbitrary code and control the system or interrupt services...
CVE-2021-43359
Sunnet eHRD has a broken access control vulnerability, which allows a remote attacker to access the account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services...