CVE-2024-43775

HIGH

8.8

Description

SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter.

Details CVE

Score CVSS v3.18.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie9/2/2024

Derniere modification9/4/2024

Sourcenvd

Observations honeypot0

Produits affectes

easytest:easytest_online_test_platform

Faiblesses (CWE)

CWE-89CWE-89

References

https://zuso.ai/advisory/za-2024-08(ART@zuso.ai)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.