WMPro
by Sun.net
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-11062 | | Critical | 0.64 | 9.8 | 0.06 | | Jul 11, 2019 | The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. |
| CVE-2023-35851 | | High | 0.49 | 7.5 | 0.01 | | Sep 18, 2023 | SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. |
| CVE-2023-35850 | | High | 0.47 | 7.2 | 0.01 | | Sep 18, 2023 | SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform… |
| CVE-2025-15226 | | | 0.00 | — | 0.01 | | Dec 29, 2025 | WMPro developed by Sunnet has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. |
| CVE-2025-15225 | | | 0.00 | — | 0.00 | | Dec 29, 2025 | WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files. |