2024-09-02

Huachu Easytest Online Learning Test Platform - SQL Injection

ZUSOART ID ZA-2024-06
CVE ID CVE-2024-43773
Vulnerability Type CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS 4.0 Base CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (9.3)
Description SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.
Vendor Huachu Digital Technology Ltd.
Product
Category Version affected
Easytest Online Test Platform ver.24E01 and earlier
Product Support Contact Huachu Digital Technology for version updates.
Release date 2024/09/02
Credit Cheng Ying Hsieh (Vance Hsieh) of ZUSO ART
top