CVSS 7.2 · HIGH
CVE-2026-7490
CTMS and CPAS developed by Sunnet have an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Analysis
Sunnet CTMS and CPAS are highly specialized clinical trial management systems. The vulnerability requires existing privileges and the software is not part of the common open-source or enterprise stack used by the general development community.
Severity
Score: 7.2 (HIGH)
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: HIGH
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE):
CWE-434
EPSS
Exploitation probability (next 30 days): 0.0021 (0.2%)
Percentile: 43.4%
EPSS: 2026-05-06
Technical description
CTMS and CPAS developed by Sunnet have an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Published: 2/5/2026, 10:16:18
Last modified: 5/5/2026, 20:14:57