Vulnerabilities > CVE-2023-35851 - Unspecified vulnerability in Sun.Net Wmpro 5.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sun-net

NVD

Published: 2023-09-18

Updated: 2024-11-21

Summary

SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database.

Vulnerable Configurations

Part	Description	Count
Application	Sun.Net Sun.Net Wmpro 5.0	1

References

https://www.twcert.org.tw/tw/cp-132-7372-3994a-1.html
https://www.twcert.org.tw/tw/cp-132-7372-3994a-1.html