CVE-2021-43360
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege to execute arbitrary code and control the system or interrupt services...
CVE-2021-43359
Sunnet eHRD has a broken access control vulnerability, which allows a remote attacker to access the account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services...
CVE-2021-43358
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files...
Input validation
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege to execute arbitrary code and control the system or interrupt services...
CVE-2021-43360
Sunnet eHRD is a talent management system from Sun Chat Technology. The CVE-2021-43360 vulnerability affects its e-mail delivery task schedule’s serialization function, where inadequate input object validation and restriction allows a post-authenticated remote attacker with database access privil...
CVE-2021-43360 Sunnet eHRD - Insecure Deserialization
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege to execute arbitrary code and control the system or interrupt services...
CVE-2021-43359
CVE-2021-43359 affects Sunnet eHRD (SunChat Technology) and is described as a broken access control vulnerability. The affected component is the account management area, where an attacker authenticated as a general user can access that page and then perform privilege escalation to execute arbitra...
CVE-2021-43359 Sunnet eHRD - Broken Access Control
Sunnet eHRD has a broken access control vulnerability, which allows a remote attacker to access the account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services...
CVE-2021-43358 Sunnet eHRD - Path Traversal
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files...
CVE-2021-43358
CVE-2021-43358 affects Sunnet eHRD (SunChat Technology Inc.). The vulnerability arises from inadequate filtering of special characters in URLs, enabling a remote, unauthenticated attacker to perform path traversal, access restricted paths, and download system files. Documented impact aligns with ...
SunChat Technology (旭聊科技) Sunnet eHRD Path Traversal Vulnerability
Sunnet eHRD is a talent management system from SunChat Technology Inc. of Taiwan, China. The system supports talent management and performance management, etc. Sunnet eHRD has a path traversal vulnerability, which can be exploited by attackers to conduct a path traversal attack to access restrict...
SunChat Technology (旭聊科技) Sunnet eHRD Code Issue Vulnerability
Sunnet eHRD is a talent management system from Sun Chat Technology, Taiwan, China. The system supports talent management and performance management, etc. An insecure deserialization vulnerability exists in Sunnet eHRD, which stems from the inadequate input object validation and restriction of the...
Sunnet eHRD Security Vulnerability
Sunnet eHRD is a talent management system from SunChat Technology, Taiwan, China. The system supports talent management and performance management, etc. Sunnet eHRD has an access control error vulnerability, which can be exploited by an attacker to access the account management page after...
Sunnet eHRD Cross-Site Scripting Vulnerability
Sunnet eHRD is a talent management system from Sun Chat Technology Company in Taiwan, China. The system supports talent management and performance management, etc. A cross-site scripting vulnerability exists in Sunnet eHRD. The vulnerability stems from the lack of proper validation of client-side...
CVE-2020-10509
Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability; attackers can inject arbitrary commands into the system and launch XSS attacks...
CVE-2020-10510
Sunnet eHRD, a human training and development management system, contains a Broken Access Control vulnerability. After login, attackers can use a specific URL to access unauthorized functionality and data...
CVE-2020-10508
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...