Sunnet Ctms vulnerabilities
3 known vulnerabilities affecting sunnet/ctms.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2026-7489P2HIGHCVSS 8.8v02026-05-02
CVE-2026-7489 [HIGH] CWE-89 CVE-2026-7489: CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers
CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
nvd
CVE-2023-24836P3HIGHCVSS 8.8v7.0 12272023-04-27
CVE-2023-24836 [HIGH] CWE-22 CVE-2023-24836: SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated
SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service.
nvd
CVE-2026-7490P3HIGHCVSS 7.2v02026-05-02
CVE-2026-7490 [HIGH] CWE-434 CVE-2026-7490: CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged re
CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
nvd