CVE-2024-43775

SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter.
References
Link Resource
https://zuso.ai/advisory/za-2024-08 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:easytest:easytest_online_test_platform:*:*:*:*:*:*:*:*

History

04 Sep 2024, 12:27

Type Values Removed Values Added
First Time Easytest
Easytest easytest Online Test Platform
CPE cpe:2.3:a:easytest:easytest_online_test_platform:*:*:*:*:*:*:*:*
References () https://zuso.ai/advisory/za-2024-08 - () https://zuso.ai/advisory/za-2024-08 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) La función de inyección SQL en la búsqueda de títulos de cursos de Easytest Online Test Platform ver.24E01 y anteriores permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios a través del parámetro de búsqueda.

02 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 05:15

Updated : 2024-09-04 12:27


NVD link : CVE-2024-43775

Mitre link : CVE-2024-43775

CVE.ORG link : CVE-2024-43775


JSON object : View

Products Affected

easytest

  • easytest_online_test_platform
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')