CVE-2021-36520

A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI.
Configurations

Configuration 1 (hide)

cpe:2.3:a:washington:i-tech_trainsmart:r1044:*:*:*:*:*:*:*

History

21 Nov 2024, 06:13

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/171731/itech-TrainSmart-r1044-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/171731/itech-TrainSmart-r1044-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry
References () https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ - Product () https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ - Product
References () https://www.go2itech.org/resources/trainsmart/ - Product () https://www.go2itech.org/resources/trainsmart/ - Product

25 Apr 2023, 20:33

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-89
CPE cpe:2.3:a:washington:i-tech_trainsmart:r1044:*:*:*:*:*:*:*
References (MISC) https://www.go2itech.org/resources/trainsmart/ - (MISC) https://www.go2itech.org/resources/trainsmart/ - Product
References (MISC) http://packetstormsecurity.com/files/171731/itech-TrainSmart-r1044-SQL-Injection.html - (MISC) http://packetstormsecurity.com/files/171731/itech-TrainSmart-r1044-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry
References (MISC) https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ - (MISC) https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ - Product

17 Apr 2023, 13:12

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-16 04:15

Updated : 2024-11-21 06:13


NVD link : CVE-2021-36520

Mitre link : CVE-2021-36520

CVE.ORG link : CVE-2021-36520


JSON object : View

Products Affected

washington

  • i-tech_trainsmart
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')