This page lists publicly disclosed CVE vulnerabilities affecting sun.net wmpro (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-15226 | WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | [email protected] | 9.3 | 0.51% | 2025-12-29 | 2025-12-31 |
| CVE-2025-15225 | WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files. | [email protected] | 8.7 | 0.07% | 2025-12-29 | 2025-12-31 |
| CVE-2023-35851 | SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. | [email protected] | 7.5 | 0.09% | 2023-09-18 | 2024-11-21 |
| CVE-2023-35850 | SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service. | [email protected] | 7.2 | 0.22% | 2023-09-18 | 2024-11-21 |
| CVE-2019-11062 | The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | [email protected] | 9.8 | 5.47% | 2019-07-11 | 2024-11-21 |