Every CVE whose affected-product data names Sun.net Wmpro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-11062 — CVSS 9.8 (critical): The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server…
CVE-2025-15226 — CVSS 9.8 (critical): WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web…
CVE-2023-35851 — CVSS 7.5 (high): SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL…
CVE-2025-15225 — CVSS 7.5 (high): WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path…
CVE-2023-35850 — CVSS 7.2 (high): SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with…