CVE-2025-54944

Medium CVSS: 6.9

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.

Vendor

Sun.net

Product

Ehrd Ctms

CWE

CWE-434

Yayın Tarihi

2025-08-30 04:15:56

Güncelleme

2026-01-30 04:15:49

Source Identifier

ART@zuso.ai

KEV Date Added

Kategoriler

CWE-434 Ehrd Ctms MEDIUM Sun.net 2025

Referanslar

https://zuso.ai/advisory/za-2025-12

Benzer Kayıtlar

High

CVE-2025-15225

WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit…

Critical

CVE-2025-15226

WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload…

Medium

CVE-2025-9570

The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administra…

Medium

CVE-2025-9567

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attacke…

Medium

CVE-2025-9568

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attacke…

Medium

CVE-2025-9569

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attacke…