SUNNET Corporate Training Management System Unrestricted File Upload Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability allowing unrestricted upload of files with dangerous types has been identified in SUNNET Corporate Training Management System versions prior to 10.11. This vulnerability enables remote attackers to upload malicious code to a specific file, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the server where SUNNET Corporate Training Management System is hosted.

Added: Aug 30, 2025, 4:16 AM

Updated: Aug 30, 2025, 4:16 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SUNNET Corporate Training Management System Unrestricted File Upload Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating