CVE-2022-43436 HIGH

CVE-2022-43436: HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Arbitrary File Upload

Vendor Hwa Jiuh Digital Technology Ltd.

Product EasyTest

Weakness CWE-434 · Unrestricted file upload

Published January 3, 2023

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service.

Key dates

02Disclosure timeline

January 3, 2023 CVE published

April 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-43436 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/434.html

Related vulnerabilities

CVE-2022-43436: HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Arbitrary File Upload

01Description

02Disclosure timeline

03References

04Related CVE