Lucene search

[email protected]NVD:CVE-2024-42680

HistoryAug 15, 2024 - 2:15 p.m.

CVE-2024-42680

2024-08-1514:15:11

CWE-22

[email protected]

web.nvd.nist.gov

super easy enterprise management system

local attacker

server absolute path

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

11.1%

JSON

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark.

Affected configurations

Nvd

Node

cysoft168super_easy_enterprise_management_systemRange≤1.0.0

VendorProductVersionCPE
cysoft168super_easy_enterprise_management_system*cpe:2.3:a:cysoft168:super_easy_enterprise_management_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cysoft168	super_easy_enterprise_management_system	*	cpe:2.3:a:cysoft168:super_easy_enterprise_management_system::::::::

References

github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYinfo.md

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

11.1%

JSON

Related for NVD:CVE-2024-42680

vulnrichment1 cve1 cvelist1