【Vulnerability Alert】SUNNET｜CTMS Training Master - SQL Injection

• Subject: 【Vulnerability Alert】SUNNET｜CTMS Training Master - SQL Injection

• Description:
  • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert: TWCERTCC-200-202605-00000001
  • 【SUNNET｜CTMS Training Master - SQL Injection】(CVE-2026-7489, CVSS: 8.8). An authenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
• Affected Platforms:
  • All versions of CTMS Training Master
• Recommended Actions:
  • The vendor should have provided a patch.
  • If you have not yet received it, please contact the vendor proactively.
• Reference Materials:
  1. https://www.twcert.org.tw/tw/cp-132-10894-1ac1f-1.html

Computer and Communication Center
Network Systems Division