← Back

CVE-2026-7490

nvd nist
Published: May 2, 2026Modified: May 12, 2026

JSON object

Loading...
8.6
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: twcert@cert.org.tw (Secondary)

Description

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Affected (2)

Sun.net
2 products
Ehrd Cpas
Ehrd Ctms
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Ehrd Cpas
All versions
Ehrd Ctms
All versions

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

Source: twcert@cert.org.tw
Third Party Advisory
Source: twcert@cert.org.tw
Third Party Advisory

Timeline

No history available yet.