Dual High-Severity Vulnerabilities Identified in SunNet Corporate Training and Performance Management Systems

Answer Brief

Taiwan's TWCERT/CC has disclosed two high-severity security vulnerabilities affecting SunNet's Corporate Training Management System (CTMS) and Corporate Appraisal Performance System (CAPS). These flaws include a SQL injection vulnerability and an arbitrary file upload weakness that could lead to full system compromise.

Why It Matters

The vulnerabilities disclosed in SunNet's CTMS and CAPS platforms highlight significant risks to corporate identity data and human resource data integrity in the Taiwan market. CVE-2026-7489 is particularly critical: it is a SQL injection flaw with a CVSS score of 8.8 that allows authenticated remote attackers to manipulate or delete database content, potentially exposing sensitive employee records and organizational structures. The second flaw, CVE-2026-7490, is an arbitrary file upload weakness. Although it requires administrative privileges, it enables the execution of web shells, which can lead to complete server takeover and lateral movement within corporate networks. For global security teams managing subsidiaries or partners in East Asia, these findings underscore the need to audit local HR and training infrastructure that global vulnerability management programs may overlook. Organizations using SunNet software are advised to verify which versions they are running and to contact the vendor for the necessary patches to mitigate remote code execution risks.

Event Type: security
Importance: high

Affected Companies

  • CHT Security
  • SunNet Technology

Affected Sectors

  • Cybersecurity
  • Enterprise Software
  • Human Resources Technology

Key Numbers

  • CVSS Score (CVE-2026-7489): 8.8
  • CVSS Score (CVE-2026-7490): 7.2
  • Total Vulnerabilities: 2

Timeline

  1. TWCERT/CC publicly discloses vulnerabilities and assigns TVN and CVE identifiers.
  2. Public reporting confirmed regarding the availability of vendor patches.
