CVE-2025-15226
- EPSS 0.51%
- Veröffentlicht 29.12.2025 06:39:27
- Zuletzt bearbeitet 31.12.2025 20:53:21
WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
CVE-2025-15225
- EPSS 0.46%
- Veröffentlicht 29.12.2025 06:31:49
- Zuletzt bearbeitet 31.12.2025 20:55:14
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files.
CVE-2023-35851
- EPSS 0.6%
- Veröffentlicht 18.09.2023 03:15:08
- Zuletzt bearbeitet 21.11.2024 08:08:49
SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database.
CVE-2023-35850
- EPSS 0.69%
- Veröffentlicht 18.09.2023 03:15:07
- Zuletzt bearbeitet 21.11.2024 08:08:49
SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system...
- EPSS 5.7%
- Veröffentlicht 11.07.2019 19:15:12
- Zuletzt bearbeitet 21.11.2024 04:20:27
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.