CVE-2024-42679

SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component.
References
Link Resource
https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYsqli.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cysoft168:super_easy_enterprise_management_system:*:*:*:*:*:*:*:*

History

20 Aug 2024, 19:11

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:cysoft168:super_easy_enterprise_management_system:*:*:*:*:*:*:*:*
First Time Cysoft168
Cysoft168 super Easy Enterprise Management System
CWE CWE-89
References () https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYsqli.md - () https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYsqli.md - Exploit, Third Party Advisory
Summary
  • (es) Vulnerabilidad de inyección SQL en Super easy enterprise management system v.1.0.0 y anteriores permite a un atacante local ejecutar código arbitrario a través de un script diseñado en el componente/ajax/Login.ashx.

15 Aug 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-15 14:15

Updated : 2024-09-06 17:35


NVD link : CVE-2024-42679

Mitre link : CVE-2024-42679

CVE.ORG link : CVE-2024-42679


JSON object : View

Products Affected

cysoft168

  • super_easy_enterprise_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')