【Vulnerability Alert】SQL Injection Vulnerability in eHRD CTMS by Sunnet Technology

publish date : 2024-11-01 update date : 2024-11-01

Source: Ministry of education information & communication security contingency platform

Publication Number TACERT-ANA-2024102901101515 Publication Time 2024/10/29 13:53
Incident Type ANA-Vulnerability Alert Discovery Time 2024/10/29 13:53
Impact Level Medium  
[Subject]
【Vulnerability Alert】SQL Injection Vulnerability in eHRD CTMS by Sunnet Technology
[Content]
Forwarded from TWCERTCC-200-202410-00000013

A SQL Injection vulnerability has been identified in Sunnet Technology's eHRD CTMS, allowing unauthenticated remote attackers to inject arbitrary SQL commands, potentially leading to unauthorized reading, modification, and deletion of database contents.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
eHRD CTMS Version 10.0
[Recommended Actions]
For versions prior to CTMS 10.0, please contact Sunnet Technology for updates or upgrades.
[Reference]
Sunnet Technology eHRD CTMS - SQL Injection: https://www.twcert.org.tw/tw/cp-132-8168-02720-1.h
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center