CVE-2024-43772

SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.
References
Link Resource
https://zuso.ai/advisory/za-2024-05 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:easytest:easytest_online_test_platform:*:*:*:*:*:*:*:*

History

04 Sep 2024, 12:11

Type Values Removed Values Added
References () https://zuso.ai/advisory/za-2024-05 - () https://zuso.ai/advisory/za-2024-05 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:easytest:easytest_online_test_platform:*:*:*:*:*:*:*:*
First Time Easytest
Easytest easytest Online Test Platform

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) La inyección SQL en la función de descarga del curso de aprendizaje para estudiantes de Easytest Online Test Platform ver.24E01 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro uid.

02 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 05:15

Updated : 2024-09-04 12:11


NVD link : CVE-2024-43772

Mitre link : CVE-2024-43772

CVE.ORG link : CVE-2024-43772


JSON object : View

Products Affected

easytest

  • easytest_online_test_platform
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')