CVE-2024-44760

Published: Aug 28, 2024Modified: Nov 15, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server.

Affected (1)

Products: Sunmochina: Enterprise Management System

Sunmochina

1 product

Enterprise Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sunmochina Enterprise Management System	From 5.0 to 18.8

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://github.com/WarmBrew/web_vul/blob/main/CVES/CVE-2024-44760.md

Source: cve@mitre.org

https://github.com/WarmBrew/web_vul/blob/main/SunmoEMS/SunmoEMS-info.md

Source: cve@mitre.org

Exploit

Timeline

No history available yet.