CVE-2024-42679

HIGH

Super easy enterprise management system <1.0.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-42679. PoCs published by WarmBrew.

AI-analyzed exploit summary The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-42679, with descriptions of vulnerabilities, affected versions, and proof-of-concept code snippets. It includes HTTP request examples and screenshots demonstrating exploitation steps.

Description

SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component.

Exploits (1)

github WRITEUP 3 stars

by WarmBrew · poc

https://github.com/WarmBrew/web_vul/tree/main/CVES/CVE-2024-42679.md

View Code ZIP pw:eip

The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-42679, with descriptions of vulnerabilities, affected versions, and proof-of-concept code snippets. It includes HTTP request examples and screenshots demonstrating exploitation steps.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Super easy enterprise management system <=1.0.0

No auth needed

Prerequisites: Access to the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/WarmBrew/web_vul/blob/main/CYGLXT/CYsqli.md

Scores

CVSS v3 7.8

EPSS 0.0031

EPSS Percentile 22.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

cysoft168/super_easy_enterprise_management_system < 1.0.0

Published Aug 15, 2024

Tracked Since Feb 18, 2026