What the vulnerability does
01Description
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL command to read database contents.
CVSS base score
6.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Key dates
02Disclosure timeline
May 2, 2025
CVE published
May 2, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-31212 SQL injection in index_chart_data action
CVE-2025-2117 Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System reportCenter.do electricDocList sql injection
CVE-2025-68017 WordPress Antideo Email Validator plugin <= 1.0.10 - SQL Injection vulnerability
CVE-2017-17423
CVE-2025-0540 itsourcecode Tailoring Management System expadd.php sql injection
