SQL injection in the download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the uid parameter.
References
Link | Resource |
---|---|
https://zuso.ai/advisory/za-2024-07 | Third Party Advisory |
History
04 Sep 2024, 12:26
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 8.8 |
First Time | Easytest; Easytest easytest Online Test Platform | |
CPE | cpe:2.3:a:easytest:easytest_online_test_platform:*:*:*:*:*:*:*:* | |
References | () https://zuso.ai/advisory/za-2024-07 - Third Party Advisory |
03 Sep 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
02 Sep 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-02 05:15
Updated : 2024-09-04 12:26
NVD link : CVE-2024-43774
Mitre link : CVE-2024-43774
CVE.ORG link : CVE-2024-43774
Products Affected
easytest
- easytest_online_test_platform
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')