83 matches found
CVE-2021-43359
CVE-2021-43359 affects Sunnet eHRD (SunChat Technology) and is described as a broken access control vulnerability. The affected component is the account management area, where an attacker authenticated as a general user can access that page and then perform privilege escalation to execute arbitra...
CVE-2021-43358
CVE-2021-43358 affects Sunnet eHRD (SunChat Technology Inc.). The vulnerability arises from inadequate filtering of special characters in URLs, enabling a remote, unauthenticated attacker to perform path traversal, access restricted paths, and download system files. Documented impact aligns with ...
CVE-2021-43358 Sunnet eHRD - Path Traversal
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files...
旭聊科技 Sunnet eHRD 代码问题漏洞
Sunnet eHRD is a talent management system from Sun Chat Technology, Taiwan, China. The system supports talent management and performance management, etc. An insecure deserialization vulnerability exists in Sunnet eHRD, which stems from the inadequate input object validation and restriction of the...
Sunnet eHRD 安全漏洞
Sunnet eHRD is a talent management system from SunChat Technology, Taiwan, China. The system supports talent management and performance management, etc. Sunnet eHRD has an access control error vulnerability, which can be exploited by an attacker to access the account management page after...
CVE-2021-43358
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files...
CVE-2021-43360
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services...
CVE-2020-10509
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting XSS, attackers can inject arbitrary command into the system and launch XSS attack...
CVE-2020-10509
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting XSS, attackers can inject arbitrary command into the system and launch XSS attack...
CVE-2020-10510
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data...
CVE-2020-10508
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...
CVE-2020-10508
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...
Improper access control
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data...
Information disclosure
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...
Cross site scripting
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting XSS, attackers can inject arbitrary command into the system and launch XSS attack...
CVE-2020-10510 Sunnet eHRD - Broken Access Control
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data...
CVE-2020-10510
CVE-2020-10510 affects Sunnet eHRD (human training and development management system). According to the provided documents, it involves Broken Access Control where, after login, an attacker can access an unauthorized URL to reach restricted functionality and data. The CVSS metrics from NVD indica...
CVE-2020-10509 Sunnet eHRD - Cross-Site Scripting
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting XSS, attackers can inject arbitrary command into the system and launch XSS attack...
CVE-2020-10508 Sunnet eHRD - Sensitive Data Exposure
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...
CVE-2020-10509
CVE-2020-10509 affects Sunnet eHRD (Web application). The connected CNVD entry reports a Cross-Site Scripting (XSS) vulnerability caused by lack of proper validation of client-side data in the WEB application, allowing an attacker to execute client-side code via XSS. NVD reiterates XSS with injec...