204 matches found
CVE-2025-9570 Sunnet|eHRD CTMS - Arbitrary File Reading through Path Traversal
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-9570
Summary of findings for CVE-2025-9570 (Sunnet eHRD CTMS) : The eHRD CTMS product from Sunnet is affected by an Arbitrary File Reading vulnerability caused by a Relative Path Traversal flaw in the file handling logic. This could allow remote attackers with administrator privileges to download arbi...
CVE-2025-9570 Sunnet|eHRD CTMS - Arbitrary File Reading through Path Traversal
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-9569
Sunnet eHRD CTMS (Sunnet) has a Reflected Cross-site Scripting vulnerability (CVE-2025-9569). The issue is exploitable via phishing, where unauthenticated remote attackers can cause a user’s browser to execute arbitrary JavaScript. Affected component is the web interface; root cause is reflected ...
CVE-2025-9569 Sunnet|eHRD CTMS - Reflected Cross-site Scripting
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
CVE-2025-9568
CVE-2025-9568 concerns Sunnet’s eHRD CTMS, reported as a Reflected Cross‑Site Scripting vulnerability. The issue enables unauthenticated remote attackers to run arbitrary JavaScript in a user’s browser via phishing, via a reflected XSS vector. The connected documents consistently describe the vul...
CVE-2025-9568 Sunnet|eHRD CTMS - Reflected Cross-site Scripting
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
CVE-2025-9567 Sunnet|eHRD CTMS - Reflected Cross-site Scripting
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
PT-2025-35439
Name of the Vulnerable Software and Affected Versions: Sunnet eHRD affected versions not specified Description: The eHRD platform developed by Sunnet is susceptible to a Reflected Cross-site Scripting issue. This allows unauthenticated remote attackers to execute arbitrary JavaScript code in a...
PT-2025-35440
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
Sunnet eHRD CTMS 跨站脚本漏洞
Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from Sunnet China Sunnet. A cross-site scripting vulnerability exists in Sunnet eHRD CTMS that stems from a reflective cross-site scripting issue that could lead to arbitrary JavaScript code execution...
Sunnet eHRD CTMS 安全漏洞
Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from Sunnet China Sunnet. A security vulnerability exists in Sunnet eHRD CTMS that stems from a relative path traversal issue that could lead to arbitrary file reads...
Sunnet eHRD CTMS 跨站脚本漏洞
Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from Sunnet China Sunnet. A cross-site scripting vulnerability exists in Sunnet eHRD CTMS that stems from a reflective cross-site scripting issue that could lead to arbitrary JavaScript code execution...
Sunnet eHRD CTMS 跨站脚本漏洞
Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from Sunnet China Sunnet. A cross-site scripting vulnerability exists in Sunnet eHRD CTMS that stems from a reflective cross-site scripting issue that could lead to arbitrary JavaScript code execution...
PT-2025-35438
Name of the Vulnerable Software and Affected Versions: Sunnet eHRD affected versions not specified Description: The eHRD platform contains a reflected cross-site scripting issue. This allows unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing...
CVE-2025-54946
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands...
CVE-2025-54945
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...
CVE-2025-54946
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands...
CVE-2025-54945
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...
CVE-2025-54944
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution...