[Vulnerability Alert] New Human Information Technology｜NUP Portal - SQL Injection

• Subject: [Vulnerability Alert] New Human Information Technology｜NUP Portal - SQL Injection

• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202509-00000010
  • [New Human Information Technology｜NUP Portal - SQL Injection] (CVE-2025-10266, CVSS: 9.8) An SQL Injection vulnerability exists in the NUP Portal developed by New Human Information Technology. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
• Affected Platforms:
  • NUP Portal SP5.0 (inclusive) and earlier versions
• Recommended Action:
  • Update to SP5.1 (inclusive) and later versions
• References:
  • New Human Information Technology｜NUP Portal - 2 Vulnerabilities Found: https://www.twcert.org.tw/tw/cp-132-10377-89750-1.html

Computer and Communications Center
Network Systems Group