go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Sunnet eHRD CTMS - SQL Injection

TVN ID TVN-202410023
CVE ID CVE-2024-10440
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products eHRD CTMS before version 10.0
Description The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.
Solution Please contact Sunnet for version updates or upgrades.
Credit Michael (DEVCORE)
Public Date 2024-10-28
Top