CVE-2024-42677

MEDIUM

Huizhi Enterprise Resource Management <1.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-42677. PoCs published by WarmBrew.

AI-analyzed exploit summary: The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-42677, which describes an Incorrect Access Control vulnerability in the Huizhi enterprise resource management system. The writeups include affected versions, vulnerability types, and descriptions, but no functional exploit code is provided.

Description

An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle.Aspx component.

Exploits (1)

github WRITEUP 3 stars
by WarmBrew · poc
https://github.com/WarmBrew/web_vul/tree/main/CVES/CVE-2024-42677.md


Classification
Writeup 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: Huizhi enterprise resource management system <=1.0.0
No auth needed
Prerequisites: access to the vulnerable endpoint
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3: 5.5
EPSS: 0.0027
EPSS Percentile: 18.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-922
Status: published
Products (1): isellerpal/enterprise_resource_management_system < 1.0
Published: Aug 15, 2024
Tracked Since: Feb 18, 2026