CVE 8.7 HIGH

Sunnet｜CTMS – SQL Injection_CVE-2026-7489

May 2, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

AI Analysis

SQL Injection vulnerability allowing remote attackers to inject arbitrary SQL commands

Basic Information

ID CVE-2026-7489

Source twcert

Published May 2, 2026 at 09:02

Affected Product

Vendor Sunnet

Product CTMS

Affected Versions Sunnet CTMS 0

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Sunnet

Product CTMS

References

{
    "lastseen": "",
    "description": "CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.",
    "published": "2026-05-02T09:02:21.813Z",
    "modified": "2026-05-02T09:02:21.813Z",
    "type": "cve",
    "title": "Sunnet\uff5cCTMS - SQL Injection",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10894-1ac1f-1.html\nhttps://www.twcert.org.tw/en/cp-139-10895-25ca1-2.html",
    "id": "CVE-2026-7489",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Sunnet CTMS 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CTMS",
    "version": "0",
    "vendor": "Sunnet",
    "ai_description": "SQL Injection vulnerability allowing remote attackers to inject arbitrary SQL commands",
    "ai_severity": "High",
    "ai_vendor": "Sunnet",
    "ai_product": "CTMS",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply