What the vulnerability does
01Description
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
CVE-2025-54946
CRITICAL
CVE-2025-54946: SUNNET Corporate Training Management System - SQL Injection
CVSS base score
9.3/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
August 30, 2025
CVE published
January 30, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-4715 Campcodes Sales and Inventory System view_application.php sql injection
CVE-2024-10422 SourceCodester Attendance and Payroll System overtime_add.php sql injection
CVE-2025-54043 WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability
CVE-2025-4488 itsourcecode Gym Management System ajax.php sql injection
CVE-2020-6131
