CVE-2024-43773

SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.
References
Link Resource
https://zuso.ai/advisory/za-2024-06 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:easytest:easytest_online_test_platform:*:*:*:*:*:*:*:*

History

04 Sep 2024, 12:26

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://zuso.ai/advisory/za-2024-06 - () https://zuso.ai/advisory/za-2024-06 - Third Party Advisory
CPE cpe:2.3:a:easytest:easytest_online_test_platform:*:*:*:*:*:*:*:*
First Time Easytest
Easytest easytest Online Test Platform

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) La inyección SQL en la función del curso de aprendizaje de la clase de descarga de Easytest Online Test Platform ver.24E01 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro cstr.

02 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 05:15

Updated : 2024-09-04 12:26


NVD link : CVE-2024-43773

Mitre link : CVE-2024-43773

CVE.ORG link : CVE-2024-43773


JSON object : View

Products Affected

easytest

  • easytest_online_test_platform
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')