CVE-2024-43776

Huachu Easytest Online Learning Test Platform - SQL Injection

CVSS 8.7 HIGHEPSS 0.5%CWE-89

SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Huachu Digital Technology Ltd. · Easytest Online Test Platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://zuso.ai/advisory/za-2024-09