Cyb3R

**Name of the Vulnerable Software and Affected Versions** CTMS (affected versions not specified) **Description** CTMS developed by Sunnet contains a SQL Injection flaw. This allows authenticated remote attackers to inject arbitrary SQL commands, enabling them to read, modify, and delete database contents. SQL Injection is a type of flaw that occurs when an attacker can interfere with the queries that an application makes to its database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CTMS (affected versions not specified) CPAS (affected versions not specified) **Description** CTMS and CPAS developed by Sunnet contain an arbitrary file upload flaw. This allows privileged remote attackers to upload and execute web shell backdoors, which can lead to arbitrary code execution on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.