CVE-2024-7871 HIGH

CVE-2024-7871: Huachu Easytest Online Learning Test Platform - SQL Injection

Vendor Huachu Digital Technology Ltd.
Product Easytest Online Test Platform
Weakness CWE-89 · SQLi
Published September 2, 2024
Last update September 3, 2024
View on NVD All CVEs

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter.

Key dates

02Disclosure timeline

September 2, 2024 CVE published
September 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-31551 WordPress Salesmate Add-On for Gravity Forms plugin <= 2.0.3 - SQL Injection vulnerability CVE-2023-37196 CVE-2024-55987 WordPress Advanced What should we write next about plugin <= 1.0.3 - SQL Injection vulnerability CVE-2024-1698 NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection CVE-2025-3340 codeprojects Online Restaurant Management System combo_update.php sql injection