CVE-2024-44760

HIGH

Shenzhou News Union Enterprise Management System <18.8 - Incorrect Access Control

Title source: llm

Description

Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server.

Exploits (1)

github WRITEUP 3 stars

by WarmBrew · poc

https://github.com/WarmBrew/web_vul/tree/main/CVES/CVE-2024-44760.md

View Code ZIP pw:eip

References (2)

[Various Sources] https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44760.md

[Exploit] https://github.com/WarmBrew/web_vul/blob/main/SunmoEMS/SunmoEMS-info.md

Scores

CVSS v3 7.5

EPSS 0.0021

EPSS Percentile 42.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-276

Status published

Products (1)

sunmochina/enterprise_management_system 5.0 - 18.8

Published Aug 28, 2024

Tracked Since Feb 18, 2026