Lucene search
HistorySep 02, 2024 - 5:15 a.m.
CVE-2024-7871
sql injection
online dictionary
easytest online test platform
remote authenticated users
arbitrary sql commands
word parameter
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter.
Affected configurations
Node
easytest_online_test_platform_projecteasytest_online_test_platformRange≤24e01
| Vendor | Product | Version | CPE |
|---|---|---|---|
| easytest_online_test_platform_project | easytest_online_test_platform | * | cpe:2.3:a:easytest_online_test_platform_project:easytest_online_test_platform:*:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2024-7871 Huachu Easytest Online Learning Test Platform - SQL Injection
2024-09-02 04:00:24
cve
cve
CVE-2024-7871
2024-09-02 05:15:17
vulnrichment
vulnrichment
CVE-2024-7871 Huachu Easytest Online Learning Test Platform - SQL Injection
2024-09-02 04:00:24
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
Related for NVD:CVE-2024-7871