Corporate Training Management System
by Sun.net
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54946 | 0.00 | — | 0.00 | Aug 30, 2025 | A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands. | |||
| CVE-2025-54945 | 0.00 | — | 0.00 | Aug 30, 2025 | An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path. | |||
| CVE-2025-54944 | 0.00 | — | 0.00 | Aug 30, 2025 | An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution. | |||
| CVE-2025-54943 | 0.00 | — | 0.00 | Aug 30, 2025 | A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks. | |||
| CVE-2025-54942 | 0.00 | — | 0.00 | Aug 30, 2025 | A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication. |
- CVE-2025-54946Aug 30, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
- CVE-2025-54945Aug 30, 2025risk 0.00cvss —epss 0.00
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.
- CVE-2025-54944Aug 30, 2025risk 0.00cvss —epss 0.00
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.
- CVE-2025-54943Aug 30, 2025risk 0.00cvss —epss 0.00
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.
- CVE-2025-54942Aug 30, 2025risk 0.00cvss —epss 0.00
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.