go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

SUNNET WMPro - SQL Injection

TVN ID TVN-202309011
CVE ID CVE-2023-35851
CVSS 7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products WMPro: V5
Description SUNNET WMPro protal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to obtain sensitive information via database.
Solution Update version to the latest one or contact SUNNET support team
Credit Fi Liu(CHT Security)
Public Date 2023-09-20
Top