SUNNET WMPro v5.0 and v5.1 has OS Command Injection
CVE-2019-11062

9.8CRITICAL

Key Information:

Vendor: Sunnet
Status: Wmpro
Vendor: CVE Published:; 11 July 2019

What is CVE-2019-11062?

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.

Affected Version(s)

WMPro 5.0

WMPro 5.1

References

https://tvn.twcert.org.tw/taiwanvn/TVN-201906001

x_refsource_CONFIRM

http://surl.twcert.org.tw/hLFFM

x_refsource_CONFIRM

https://gist.github.com/tonykuo76/476164af9bc672281b9a339...

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2019
Vulnerability Reserved
Apr 9, 2019

Credit

Tony Kuo

CVE-2019-11062 Data

JSON

Sunnet

What is CVE-2019-11062?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit