TVN ID	TVN-202309011
CVE ID	CVE-2023-35851
CVSS	7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products	WMPro: V5
Description	SUNNET WMPro protal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to obtain sensitive information via database.
Solution	Update version to the latest one or contact SUNNET support team
Credit	Fi Liu(CHT Security)
Public Date	2023-09-20