CVE-2025-3707

Medium CVSS: 6.5

The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL command to read database contents.

Vendor

Sun.net

Product

Ehrd Ctms

CWE

CWE-89

Yayın Tarihi

2025-05-02 04:15:55

Güncelleme

2025-05-07 16:50:32

Source Identifier

twcert@cert.org.tw

KEV Date Added

Kategoriler

CWE-89 Ehrd Ctms MEDIUM Sun.net 2025

Referanslar

https://www.twcert.org.tw/en/cp-139-10084-d7c47-2.html https://www.twcert.org.tw/tw/cp-132-10083-4ed7f-1.html

Benzer Kayıtlar

High

CVE-2025-15225

WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit…

Critical

CVE-2025-15226

WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload…

Medium

CVE-2025-9570

The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administra…

Medium

CVE-2025-9567

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attacke…

Medium

CVE-2025-9568

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attacke…

Medium

CVE-2025-9569

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attacke…