Eric Wang

**Name of the Vulnerable Software and Affected Versions** Easytest (affected versions not specified) **Description** The issue allows remote attackers to inject SQL commands into the parameters of the learning history page after obtaining user privilege, potentially accessing the entire database and obtaining administrator permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Easytest (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities. After obtaining a user's privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.