CVE-2023-35851

SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database...

CVE-2023-35851

SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database...

CVE-2023-35850

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...

CVE-2023-35850

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...

Design/Logic Flaw

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...

CVE-2023-35851

CVE-2023-35851 affects SUNNET WMPro portal, specifically the FAQ function. The vulnerability results from insufficient validation of user input, enabling an unauthenticated remote attacker to inject arbitrary SQL commands and obtain sensitive information from the database. This is described acros...

CVE-2023-35851 SUNNET WMPro - SQL Injection

SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database...

CVE-2023-35851 SUNNET WMPro - SQL Injection

SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database...

CVE-2023-35850

The CVE-2023-35850 case affects SUNNET WMPro portal's file management function. The vulnerability is caused by insufficient filtering of user input, enabling an OS command injection. A remote attacker with administrator or privileged access can inject and execute arbitrary system commands to perf...

CVE-2023-35850 SUNNET WMPro - Command Injection

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...

CVE-2023-35850 SUNNET WMPro - Command Injection

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...

PT-2023-25345 · Unknown · Sunnet Wmpro Portal

Name of the Vulnerable Software and Affected Versions: SUNNET WMPro portal affected versions not specified Description: The SUNNET WMPro portal's FAQ function has insufficient validation for user input, allowing an unauthenticated remote attacker to inject arbitrary SQL commands and obtain...

SUNNET WMPro Operating System Command Injection Vulnerability

SUNNET SUNNET WMPro is an online learning platform from Taiwan-based SUNNET. An OS command injection vulnerability exists in SUNNET WMPro V5, which is caused by insufficient filtering of user input in the file management function, resulting in an OS command injection vulnerability...

SUNNET WMPro SQL Injection Vulnerability

SUNNET SUNNET WMPro is a set of online learning platform from Taiwan-based SUNNET. A SQL injection vulnerability exists in SUNNET WMPro V5, which is caused by insufficient filtering of user input in the FAQ function, resulting in a SQL injection vulnerability...

CVE-2019-11062

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

CVE-2019-11062

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

Command injection

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

CVE-2019-11062

The CVE-2019-11062 entry affects SUNNET WMPro v5.0 and v5.1 for the eLearning system. Affected component: the API endpoint /teach/course/doajaxfileupload.php, where OS Command Injection is possible. Root cause described as unauthenticated remote command execution on the target server. Impact is h...

CVE-2019-11062 SUNNET WMPro v5.0 and v5.1 has OS Command Injection

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

PT-2019-12159 · Sunnet · Sunnet Wmpro

Name of the Vulnerable Software and Affected Versions: SUNNET WMPro versions 5.0 through 5.1 Description: The issue concerns an OS Command Injection vulnerability. It can be exploited via the "/teach/course/doajaxfileupload.php" API endpoint without requiring authentication. Recommendations: For...