SUNNET Corporate Training Management System External Control of File Name or Path Vulnerability Allowing Arbitrary Command Execution

Vulnerability

A vulnerability allowing external control of file names or paths has been identified in SUNNET Corporate Training Management System versions prior to 10.11. This vulnerability enables remote attackers to execute arbitrary system commands by manipulating the destination file path with a malicious file.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server where SUNNET Corporate Training Management System is running.

Added: Aug 30, 2025, 4:21 AM

Updated: Aug 30, 2025, 4:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.2

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SUNNET Corporate Training Management System External Control of File Name or Path Vulnerability Allowing Arbitrary Command Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating