Lucene search
+L

83 matches found

CVE
CVE
added 2021/12/01 2:0 a.m.51 views

CVE-2021-43359

CVE-2021-43359 affects Sunnet eHRD (SunChat Technology) and is described as a broken access control vulnerability. The affected component is the account management area, where an attacker authenticated as a general user can access that page and then perform privilege escalation to execute arbitra...

9CVSS9.1AI score0.02394EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/12/01 2:0 a.m.46 views

CVE-2021-43358

CVE-2021-43358 affects Sunnet eHRD (SunChat Technology Inc.). The vulnerability arises from inadequate filtering of special characters in URLs, enabling a remote, unauthenticated attacker to perform path traversal, access restricted paths, and download system files. Documented impact aligns with ...

7.8CVSS7.5AI score0.02294EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/01 2:0 a.m.28 views

CVE-2021-43358 Sunnet eHRD - Path Traversal

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files...

7.5CVSS7.7AI score0.02294EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/01 12:0 a.m.5 views

旭聊科技 Sunnet eHRD 代码问题漏洞

Sunnet eHRD is a talent management system from Sun Chat Technology, Taiwan, China. The system supports talent management and performance management, etc. An insecure deserialization vulnerability exists in Sunnet eHRD, which stems from the inadequate input object validation and restriction of the...

9CVSS6.2AI score0.02328EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/01 12:0 a.m.6 views

Sunnet eHRD 安全漏洞

Sunnet eHRD is a talent management system from SunChat Technology, Taiwan, China. The system supports talent management and performance management, etc. Sunnet eHRD has an access control error vulnerability, which can be exploited by an attacker to access the account management page after...

9CVSS6AI score0.02394EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/11/30 1:40 a.m.2 views

CVE-2021-43358

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files...

7.8CVSS7.2AI score0.02294EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/11/30 1:40 a.m.3 views

CVE-2021-43360

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services...

9CVSS7.7AI score0.02328EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/03/27 8:15 a.m.1 views

CVE-2020-10509

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting XSS, attackers can inject arbitrary command into the system and launch XSS attack...

6.1CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2020/03/27 8:15 a.m.26 views

CVE-2020-10509

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting XSS, attackers can inject arbitrary command into the system and launch XSS attack...

6.1CVSS6.1AI score0.00835EPSS
Exploits0References2
NVD
NVD
added 2020/03/27 8:15 a.m.22 views

CVE-2020-10510

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data...

8.1CVSS8.1AI score0.01058EPSS
Exploits0References2
OSV
OSV
added 2020/03/27 8:15 a.m.4 views

CVE-2020-10508

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...

7.5CVSS7.1AI score0.0147EPSS
Exploits0References2
NVD
NVD
added 2020/03/27 8:15 a.m.24 views

CVE-2020-10508

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...

7.5CVSS7.5AI score0.0147EPSS
Exploits0References2
Prion
Prion
added 2020/03/27 8:15 a.m.17 views

Improper access control

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data...

4CVSS6.5AI score0.01058EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/03/27 8:15 a.m.18 views

Information disclosure

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...

5CVSS7.5AI score0.0147EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/03/27 8:15 a.m.16 views

Cross site scripting

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting XSS, attackers can inject arbitrary command into the system and launch XSS attack...

4.3CVSS6AI score0.00835EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/03/27 7:35 a.m.25 views

CVE-2020-10510 Sunnet eHRD - Broken Access Control

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data...

8.1CVSS8.1AI score0.01058EPSS
Exploits0References2
CVE
CVE
added 2020/03/27 7:35 a.m.71 views

CVE-2020-10510

CVE-2020-10510 affects Sunnet eHRD (human training and development management system). According to the provided documents, it involves Broken Access Control where, after login, an attacker can access an unauthorized URL to reach restricted functionality and data. The CVSS metrics from NVD indica...

8.1CVSS6.8AI score0.01058EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/03/27 7:35 a.m.20 views

CVE-2020-10509 Sunnet eHRD - Cross-Site Scripting

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting XSS, attackers can inject arbitrary command into the system and launch XSS attack...

6.1CVSS6.1AI score0.00835EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/03/27 7:35 a.m.23 views

CVE-2020-10508 Sunnet eHRD - Sensitive Data Exposure

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...

7.5CVSS7.5AI score0.0147EPSS
Exploits0References2
CVE
CVE
added 2020/03/27 7:35 a.m.79 views

CVE-2020-10509

CVE-2020-10509 affects Sunnet eHRD (Web application). The connected CNVD entry reports a Cross-Site Scripting (XSS) vulnerability caused by lack of proper validation of client-side data in the WEB application, allowing an attacker to execute client-side code via XSS. NVD reiterates XSS with injec...

6.1CVSS6.1AI score0.00835EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder