5 matches found
CVE-2019-11062
The CVE-2019-11062 entry affects SUNNET WMPro v5.0 and v5.1 for the eLearning system. Affected component: the API endpoint /teach/course/doajaxfileupload.php, where OS Command Injection is possible. Root cause described as unauthenticated remote command execution on the target server. Impact is h...
CVE-2023-35850
The CVE-2023-35850 case affects SUNNET WMPro portal's file management function. The vulnerability is caused by insufficient filtering of user input, enabling an OS command injection. A remote attacker with administrator or privileged access can inject and execute arbitrary system commands to perf...
CVE-2023-35851
CVE-2023-35851 affects SUNNET WMPro portal, specifically the FAQ function. The vulnerability results from insufficient validation of user input, enabling an unauthenticated remote attacker to inject arbitrary SQL commands and obtain sensitive information from the database. This is described acros...
CVE-2025-15225
WMPro by Sunnet is affected by an Arbitrary File Read vulnerability exploitable via Relative Path Traversal. The issue allows unauthenticated remote attackers to read arbitrary system files. Available documents consistently describe the vulnerability class and impact but do not specify affected v...
CVE-2025-15226
CVE-2025-15226 concerns WMPro by Sunnet, where an Arbitrary File Upload vulnerability allows unauthenticated remote attackers to upload and execute a web shell on the server, enabling arbitrary code execution . The vulnerability is described in multiple feeds (NVD/Red Hat/CIRCL/etc.) with no spec...