CVE-2024-43774 HIGH

CVE-2024-43774: Huachu Easytest Online Learning Test Platform - SQL Injection

Vendor Huachu Digital Technology Ltd.

Product Easytest Online Test Platform

Weakness CWE-89 · SQLi

Published September 2, 2024

Last update September 3, 2024

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid parameter.

Key dates

02Disclosure timeline

September 2, 2024 CVE published

September 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-43774 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2024-43774

CWE CWE-89

CVSS 8.7 / HIGH

Affected versions