CVE-2024-43775

HIGH

8.8

Description

SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter.

CVE Details

CVSS v3.1 Score8.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published9/2/2024

Last Modified9/4/2024

Sourcenvd

Honeypot Sightings0

Affected Products

easytest:easytest_online_test_platform

Weaknesses (CWE)

CWE-89CWE-89

References

https://zuso.ai/advisory/za-2024-08(ART@zuso.ai)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.