CVE-2024-42679

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-89
View all →

Vulnerability Description

SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component.

Related Vulnerabilities

CVE-2015-4669

HIGH
CVSS:7.8(High)

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.

CWE-892015

CVE-2019-12372

HIGH
CVSS:7.8(High)

Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form.

CWE-892019

CVE-2019-20573

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685...

CWE-892019

CVE-2019-20574

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August...

CWE-892019

CVE-2019-20591

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July...

CWE-892019

CVE-2019-20592

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (J...

CWE-892019