Date Posted: 2025/09/17
[Vulnerability Alert] New Human Information Technology|NUP Portal - SQL Injection
- Subject: [Vulnerability Alert] New Human Information Technology|NUP Portal - SQL Injection
- Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202509-00000010
- [New Human Information Technology|NUP Portal - SQL Injection] (CVE-2025-10266, CVSS: 9.8) An SQL Injection vulnerability exists in the NUP Portal developed by New Human Information Technology. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
- Affected Platforms:
- NUP Portal SP5.0 (inclusive) and earlier versions
- Recommended Action:
- Update to SP5.1 (inclusive) and later versions
- References:
- New Human Information Technology|NUP Portal - 2 Vulnerabilities Found: https://www.twcert.org.tw/tw/cp-132-10377-89750-1.html
Computer and Communications Center
Network Systems Group
