本ページは sun.net wmpro に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-15226 | WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | [email protected] | 9.3 | 0.51% | 2025-12-29 | 2025-12-31 |
| CVE-2025-15225 | WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files. | [email protected] | 8.7 | 0.46% | 2025-12-29 | 2025-12-31 |
| CVE-2023-35851 | SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. | [email protected] | 7.5 | 0.60% | 2023-09-18 | 2024-11-21 |
| CVE-2023-35850 | SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service. | [email protected] | 7.2 | 0.69% | 2023-09-18 | 2024-11-21 |
| CVE-2019-11062 | The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | [email protected] | 9.8 | 5.70% | 2019-07-11 | 2024-11-21 |