Sun.Net

Ehrd Ctms

14 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.05%
  • Published 01.09.2025 02:46:39
  • Last modified 25.09.2025 14:18:25

The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files.

  • EPSS 0.05%
  • Published 01.09.2025 02:42:49
  • Last modified 25.09.2025 14:18:03

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks.

  • EPSS 0.05%
  • Published 01.09.2025 02:40:33
  • Last modified 25.09.2025 14:18:31

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks.

  • EPSS 0.05%
  • Published 01.09.2025 02:32:27
  • Last modified 25.09.2025 14:18:08

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks.

  • EPSS 0.09%
  • Published 30.08.2025 04:15:57
  • Last modified 30.01.2026 04:15:49

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.

  • EPSS 0.19%
  • Published 30.08.2025 03:50:54
  • Last modified 30.01.2026 04:15:49

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.

  • EPSS 0.38%
  • Published 30.08.2025 03:45:58
  • Last modified 30.01.2026 04:15:49

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.

  • EPSS 0.18%
  • Published 30.08.2025 03:42:00
  • Last modified 30.01.2026 04:15:48

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.

  • EPSS 0.22%
  • Published 30.08.2025 03:37:02
  • Last modified 30.01.2026 05:16:12

A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.

  • EPSS 0.17%
  • Published 02.05.2025 02:50:33
  • Last modified 07.05.2025 16:50:32

The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read database contents.