Sunnet CTMS和Sunnet CPAS 代码问题漏洞

Sunnet CTMS and Sunnet CPAS are both products of China’s Sunnet Company. Sunnet CTMS is an enterprise training software. Sunnet CPAS is an enterprise performance management software. Both Sunnet CTMS and Sunnet CPAS have code vulnerabilities. These vulnerabilities stem from arbitrary file upload...

EUVD-2025-26257

Malicious code in bioql PyPI...

CVE-2025-54945

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...

CVE-2025-54943

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks...

CVE-2025-54946

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands...

CVE-2025-54945

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...

CVE-2025-54946

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands...

CVE-2025-54944

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution...

CVE-2025-54944

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution...

CVE-2025-54943

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks...

CVE-2025-54942

A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication...

CVE-2025-54946 SUNNET Corporate Training Management System - SQL Injection

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands...

CVE-2025-54945 SUNNET Corporate Training Management System - External Control of File Name or Path

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path...

CVE-2025-54944 SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution...

CVE-2025-54942 SUNNET Corporate Training Management System - Missing Authentication for Critical Function

A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication...

SUNNET Corporate Training Management System 安全漏洞

SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which originates from an external control over file names or paths and could lead to the...

SUNNET Corporate Training Management System 安全漏洞

SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which stems from a lack of authentication for critical functionality, which could allow a remo...

PT-2025-35339

Name of the Vulnerable Software and Affected Versions SUNNET Corporate Training Management System versions prior to 10.11 Description A file name or path vulnerability exists in SUNNET Corporate Training Management System that allows remote attackers to execute arbitrary system commands via a...

PT-2025-35336

Name of the Vulnerable Software and Affected Versions SUNNET Corporate Training Management System versions prior to 10.11 Description A missing authentication check for a critical function allows remote attackers to access deployment functionality without authentication. Recommendations Update to...