What the vulnerability does
01Description
SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter.
CVE-2024-43776
HIGH
CVE-2024-43776: Huachu Easytest Online Learning Test Platform - SQL Injection
CVSS base score
8.7/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
September 2, 2024
CVE published
September 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2018-25209 OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter
CVE-2024-5588 itsourcecode Learning Management System processscore.php sql injection
CVE-2023-49752 WordPress Adifier System Plugin < 3.1.4 is vulnerable to SQL Injection
CVE-2024-25910 WordPress MoveTo Plugin <= 6.2 is vulnerable to SQL Injection
CVE-2026-2553 tushar-2223 Hotel-Management-System HTTP POST Request home.php sql injection
