Sunnet CTMS SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in all versions of the CTMS application developed by Sunnet. This vulnerability allows authenticated remote attackers to inject arbitrary SQL commands, which could be used to read, modify, or delete database contents.

Impact

Exploitation of this vulnerability could lead to unauthorized access to database information, allowing attackers to manipulate or delete data at will.

Remediation

The vendor should have issued a patch. If you have not yet received it, contact the vendor directly.

Added: May 2, 2026, 10:25 AM
Updated: May 2, 2026, 10:25 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 3.1
exploitability: 4.9
remediation: 0.0
relevance: 7.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.