Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sunnet eHRD - Broken Access Control
Vulnerability Description
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
Sunnet eHRD 安全漏洞
Vulnerability Description
旭聊科技 Sunnet eHRD是中国台湾旭聊科技公司的一套人才管理系统。该系统支持人才管理和绩效管理等。 Sunnet eHRD 存在安全漏洞,该漏洞源于Sunnet eHRD未正确限制来自未授权角色的资源访问。攻击者可利用该漏洞通过普通用户身份验证后访问帐户管理页面,然后执行权限升级,执行任意代码,控制系统或中断服务。
CVSS Information
N/A
Vulnerability Type
N/A