2024-09-02

Huachu Easytest Online Learning Test Platform - SQL Injection

ZUSOART ID: ZA-2024-09
CVE ID: CVE-2024-43776
Vulnerability Type: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS 4.0 Base: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (8.7)
Description: SQL Injection in the mock exam function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.
Vendor: Huachu Digital Technology Ltd.
Product:
  Category: Easytest Online Test Platform
  Version affected: ver.24E01 and earlier
Product Support: Contact Huachu Digital Technology for version updates.
Release date: 2024/09/02
Credit: Cheng Ying Hsieh (Vance Hsieh) of ZUSO ART