A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XSun.net Ehrd Ctms
APPSun.Net< 10.11
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References
Related vulnerabilities
CVE-2025-54942CRITICAL9.3PL ✓ten sam produkt
Brak uwierzytelnienia w SUNNET CTMS — dostęp do funkcji wdrożeniowych
CVE-2025-54945CRITICAL10.0PL ✓ten sam produkt
RCE poprzez external control of file path w SUNNET CTMS
CVE-2025-54946CRITICAL9.3PL ✓ten sam produkt
SQL Injection w SUNNET Corporate Training Management System
CVE-2024-10440CRITICAL9.8PL ✓ten sam produkt
SQL Injection w eHDR CTMS (Sunnet) umożliwia nieautoryzowany dostęp do bazy
CVE-2026-7489HIGH8.7ten sam produkt
CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject ...