PT-2024-30645 · Unknown · Easytest Online Test Platform
Cheng Ying Hsieh +1 · Published 2024-09-01 · Updated 2024-09-04 · CVE-2024-43773
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Easytest Online Test Platform versions 24E01 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands via the cstr parameter in the download class learning course function. This enables attackers to potentially access or manipulate sensitive data.
Recommendations
For versions 24E01 and earlier, consider restricting access to the download class learning course function until a patch is available. As a temporary workaround, avoid using the cstr parameter in the affected function to minimize the risk of exploitation.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Easytest Online Test Platform