CTMS and CPAS, developed by Sunnet, have an Arbitrary File Upload vulnerability that allows privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
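State: PUBLISHED | CVE record format (dataVersion): 5.2 | CWE-434
Note: 5.2 is the record's dataVersion, not a severity score. The CVSS 3.1 base score given in the record is 7.2 (HIGH), vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.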
Sunnet|CTMS and CPAS - Arbitrary File Upload
Problem type
Affected products
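Sunnet
CTMS: version 0 - AFFECTED
CPAS: version 0 - AFFECTED
Note: the record lists only version "0" for each product, with no upper bound or fixed version, so the affected range is not specified here. Confirm the affected and patched versions with the vendor or the TWCERT advisories referenced below.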
References
twcert.org.tw
https://www.twcert.org.tw/tw/cp-132-10894-1ac1f-1.html
twcert.org.tw
https://www.twcert.org.tw/en/cp-139-10895-25ca1-2.html
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-7490
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-7490",
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"dateUpdated": "2026-05-02T09:06:25.153Z",
"dateReserved": "2026-04-30T09:01:05.760Z",
"datePublished": "2026-05-02T09:06:25.153Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert",
"dateUpdated": "2026-05-02T09:06:25.153Z"
},
"datePublic": "2026-05-02T09:02:00.000Z",
"title": "Sunnet|CTMS and CPAS - Arbitrary File Upload",
"descriptions": [
{
"lang": "en",
"value": "CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server."
}
]
}
],
"affected": [
{
"vendor": "Sunnet",
"product": "CTMS",
"defaultStatus": "unaffected",
"versions": [
{
"version": "0",
"status": "affected"
}
]
},
{
"vendor": "Sunnet",
"product": "CPAS",
"defaultStatus": "unaffected",
"versions": [
{
"version": "0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-434 Unrestricted upload of file with dangerous type",
"cweId": "CWE-434",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-10894-1ac1f-1.html",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://www.twcert.org.tw/en/cp-139-10895-25ca1-2.html",
"tags": [
"third-party-advisory"
]
}
],
"impacts": [
{
"capecId": "CAPEC-650",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-650 Upload a Web Shell to a Web Server"
}
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
}
],
"solutions": [
{
"lang": "en",
"value": "The vendor should have issued a patch. If not yet received, please reach out to the vendor directly.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "The vendor should have issued a patch. If not yet received, please reach out to the vendor directly."
}
]
}
]
}
}
}