Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ehrd vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-43358
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote malicious user to perform path traversal attacks without authentication, access restricted paths and download system files.
Sun Ehrd 8
Sun Ehrd 9
8.8
CVSSv3
CVE-2021-43360
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt service...
Sun Ehrd 8
Sun Ehrd 9
6.1
CVSSv3
CVE-2020-10509
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
Sun Ehrd 8.0
Sun Ehrd 9.0
8.8
CVSSv3
CVE-2021-43359
Sunnet eHRD has broken access control vulnerability, which allows a remote malicious user to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
Sun Ehrd 9
Sun Ehrd 8
7.5
CVSSv3
CVE-2020-10508
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
Sun Ehrd 8
Sun Ehrd 9
6.5
CVSSv3
CVE-2020-10510
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.
Sun Ehrd 8
Sun Ehrd 9
7.5
CVSSv3
CVE-2022-28740
aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.
Aenrich A\\+hrd
7.5
CVSSv3
CVE-2022-28742
aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an malicious user to gain unauthenticated access to sensitive functionalities...
Aenrich A\\+hrd
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started