2024-09-02

Huachu Easytest Online Learning Test Platform - SQL Injection

ZUSOART ID ZA-2024-05
CVE ID CVE-2024-43772
Vulnerability Type CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS 4.0 Base CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (9.3)
Description SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.
Vendor Huachu Digital Technology Ltd.
Product
Category Version affected
Easytest Online Test Platform ver.24E01 and earlier
Product Support Contact Huachu Digital Technology for version updates.
Release date 2024/09/02
Credit Cheng Ying Hsieh (Vance Hsieh) of ZUSO ART
top