CVE-2024-43776

SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.
References
Link Resource
https://zuso.ai/advisory/za-2024-09 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:easytest:easytest_online_test_platform:*:*:*:*:*:*:*:*

History

04 Sep 2024, 12:27

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:easytest:easytest_online_test_platform:*:*:*:*:*:*:*:*
First Time Easytest
Easytest easytest Online Test Platform
References () https://zuso.ai/advisory/za-2024-09 - () https://zuso.ai/advisory/za-2024-09 - Third Party Advisory

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) La función de inyección SQL en Easytest Online Test Platform versión 24E01 y anteriores permite a los usuarios autenticados remotos ejecutar comandos SQL arbitrarios a través del parámetro qlevel.

02 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 05:15

Updated : 2024-09-04 12:27


NVD link : CVE-2024-43776

Mitre link : CVE-2024-43776

CVE.ORG link : CVE-2024-43776


JSON object : View

Products Affected

easytest

  • easytest_online_test_platform
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')