Skip to main content

Ctms

2 CVEs product

Monthly

CVE-2026-7490 HIGH This Week

Arbitrary file upload in Sunnet CTMS and CPAS allows authenticated remote attackers with high privileges to upload and execute web shell backdoors, achieving full server compromise. The vulnerability enables complete control over affected systems via malicious file execution, with critical impact to confidentiality, integrity, and availability. Despite requiring high-privilege access (PR:H), the network-accessible attack vector and low complexity (AV:N/AC:L) make this exploitable by any authenticated administrator or privileged user, representing significant risk in environments where such credentials are compromised or where insider threats exist.

File Upload RCE Ctms Cpas
NVD VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-7489 HIGH This Week

SQL injection in Sunnet CTMS allows authenticated remote attackers with low privileges to execute arbitrary SQL commands over the network. The vulnerability enables complete compromise of database integrity - reading sensitive data, modifying records, and deleting information. Taiwan CERT (TWCERT) published advisories documenting this vulnerability, indicating coordinated disclosure. EPSS and KEV data not available; exploitation status unknown beyond vendor notification.

SQLi Ctms
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary file upload in Sunnet CTMS and CPAS allows authenticated remote attackers with high privileges to upload and execute web shell backdoors, achieving full server compromise. The vulnerability enables complete control over affected systems via malicious file execution, with critical impact to confidentiality, integrity, and availability. Despite requiring high-privilege access (PR:H), the network-accessible attack vector and low complexity (AV:N/AC:L) make this exploitable by any authenticated administrator or privileged user, representing significant risk in environments where such credentials are compromised or where insider threats exist.

File Upload RCE Ctms +1
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

SQL injection in Sunnet CTMS allows authenticated remote attackers with low privileges to execute arbitrary SQL commands over the network. The vulnerability enables complete compromise of database integrity - reading sensitive data, modifying records, and deleting information. Taiwan CERT (TWCERT) published advisories documenting this vulnerability, indicating coordinated disclosure. EPSS and KEV data not available; exploitation status unknown beyond vendor notification.

SQLi Ctms
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy