CVE-2024-42680

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark.
References
Link Resource
https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYinfo.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cysoft168:super_easy_enterprise_management_system:*:*:*:*:*:*:*:*

History

21 Aug 2024, 11:06

Type Values Removed Values Added
References () https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYinfo.md - () https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYinfo.md - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Cysoft168 super Easy Enterprise Management System
Cysoft168
CPE cpe:2.3:a:cysoft168:super_easy_enterprise_management_system:*:*:*:*:*:*:*:*
CWE CWE-22
Summary
  • (es) Un problema en Super easy Enterprise Management System v.1.0.0 y anteriores permite a un atacante local obtener la ruta absoluta del servidor ingresando una comilla simple.

15 Aug 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-15 14:15

Updated : 2024-08-21 11:06


NVD link : CVE-2024-42680

Mitre link : CVE-2024-42680

CVE.ORG link : CVE-2024-42680


JSON object : View

Products Affected

cysoft168

  • super_easy_enterprise_management_system
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')