本頁列出影響 sun.net wmpro 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-15226 | WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | [email protected] | 9.3 | 0.51% | 2025-12-29 | 2026-06-17 |
| CVE-2025-15225 | WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files. | [email protected] | 8.7 | 0.46% | 2025-12-29 | 2026-06-17 |
| CVE-2023-35851 | SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. | [email protected] | 7.5 | 0.60% | 2023-09-17 | 2026-06-17 |
| CVE-2023-35850 | SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service. | [email protected] | 7.2 | 0.69% | 2023-09-17 | 2026-06-17 |
| CVE-2019-11062 | The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | [email protected] | 9.8 | 5.70% | 2019-07-11 | 2026-06-16 |