CVE-2024-7871

SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter.
References
Link Resource
https://zuso.ai/advisory/za-2024-04 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:easytest_online_test_platform_project:easytest_online_test_platform:*:*:*:*:*:*:*:*

History

04 Sep 2024, 17:34

Type Values Removed Values Added
CPE cpe:2.3:a:easytest_online_test_platform_project:easytest_online_test_platform:*:*:*:*:*:*:*:*
References () https://zuso.ai/advisory/za-2024-04 - () https://zuso.ai/advisory/za-2024-04 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Easytest Online Test Platform Project easytest Online Test Platform
Easytest Online Test Platform Project

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) La función de inyección SQL en el diccionario en línea de Easytest Online Test Platform ver.24E01 y anteriores permite a los usuarios autenticados remotos ejecutar comandos SQL arbitrarios a través del parámetro de palabra.

02 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 05:15

Updated : 2024-09-04 17:34


NVD link : CVE-2024-7871

Mitre link : CVE-2024-7871

CVE.ORG link : CVE-2024-7871


JSON object : View

Products Affected

easytest_online_test_platform_project

  • easytest_online_test_platform
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')