CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35851 – SUNNET WMPro - SQL Injection
https://notcve.org/view.php?id=CVE-2023-35851
18 Sep 2023 — SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. La función de preguntas frecuentes del portal SUNNET WMPro no tiene una validación suficiente para la entrada del usuario. Un atacante remoto no autenticado puede inyectar comandos SQL arbitrarios para obtener información sensible a través de una base de datos. • https://www.twcert.org.tw/tw/cp-132-7372-3994a-1.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35850 – SUNNET WMPro - Command Injection
https://notcve.org/view.php?id=CVE-2023-35850
18 Sep 2023 — SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service. La función de administración de archivos del portal SUNNET WMPro tiene una vulnerabilidad de filtrado insuficiente para la entrada del usuario. Un atacante remoto con privilegios de administrado... • https://www.twcert.org.tw/tw/cp-132-7373-4ef46-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24836 – SUNNET CTMS - Path Traversal
https://notcve.org/view.php?id=CVE-2023-24836
27 Apr 2023 — SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7033-878ab-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 1CVE-2019-11062 – SUNNET WMPro v5.0 and v5.1 has OS Command Injection
https://notcve.org/view.php?id=CVE-2019-11062
11 Jul 2019 — The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. El sistema SUNNET WMPro v5.0 y v5.1 para eLearning tiene la inyección de comandos del sistema operativo a través de "/teach/course/doajaxfileupload.php". El servidor de destino se puede explotar sin autenticación • http://surl.twcert.org.tw/hLFFM • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 36%CPEs: 165EXPL: 2CVE-2008-0960 – SNMPv3 - HMAC Validation error Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-0960
10 Jun 2008 — SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relie... • https://www.exploit-db.com/exploits/5790 • CWE-287: Improper Authentication •