Vulnerabilities > SUN NET

DATE CVE VULNERABILITY TITLE RISK
2024-10-28 CVE-2024-10438 Authentication Bypass Using an Alternate Path or Channel vulnerability in Sun.Net Ehdr Ctms
The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.
network
low complexity
sun-net CWE-288
7.5
7.5
2024-10-28 CVE-2024-10439 Authorization Bypass Through User-Controlled Key vulnerability in Sun.Net Ehdr Ctms
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.
network
low complexity
sun-net CWE-639
7.5
7.5
2024-10-28 CVE-2024-10440 SQL Injection vulnerability in Sun.Net Ehdr Ctms
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.
network
low complexity
sun-net CWE-89
critical
 9.8
9.8
2023-09-18 CVE-2023-35850 OS Command Injection vulnerability in Sun.Net Wmpro 5.0
SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input.
network
low complexity
sun-net CWE-78
7.2
7.2
2023-09-18 CVE-2023-35851 SQL Injection vulnerability in Sun.Net Wmpro 5.0
SUNNET WMPro portal's FAQ function has insufficient validation for user input.
network
low complexity
sun-net CWE-89
7.5
7.5
2023-04-27 CVE-2023-24836 Path Traversal vulnerability in Sun.Net Ctms 7.01227
SUNNET CTMS has vulnerability of path traversal within its file uploading function.
network
low complexity
sun-net CWE-22
8.8
8.8
2019-07-11 CVE-2019-11062 OS Command Injection vulnerability in Sun.Net Wmpro 5.0/5.1
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php".
network
low complexity
sun-net CWE-78
critical
 9.8
9.8