Lucene search
K

103 matches found

Cvelist
Cvelist
added 2023/01/03 12:0 a.m.23 views

CVE-2022-43438 HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Incorrect Authorization

The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...

8.8CVSS8.8AI score0.00794EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/19 12:0 a.m.10 views

Easytest licensing issue vulnerability

Easytest is an online learning quiz platform of China's Huaju Digital Technology, Inc. Easytest is vulnerable to authorization issues, which can be exploited by remote attackers to access user and administrator account information other than passwords by constructing URL parameters after gaining...

4CVSS4AI score0.00818EPSS
Exploits0
CNVD
CNVD
added 2021/10/19 12:0 a.m.12 views

Easytest SQL Injection Vulnerability (CNVD-2021-83597)

Easytest is an online learning quiz platform of China's Hua Ju Digital Technology, Inc. Easytest is vulnerable to SQL injection, which can be exploited by attackers to inject SQL commands into the parameters of the learning history page after gaining user privileges to access all databases and ga...

6.5CVSS4.2AI score0.01087EPSS
Exploits0
CNVD
CNVD
added 2021/10/19 12:0 a.m.14 views

Easytest SQL Injection Vulnerability

Easytest is an online learning quiz platform of China's Hua Ju Digital Technology, Inc. Easytest is vulnerable to SQL injection, which can be exploited by attackers to inject SQL commands into the parameters of the elective course management page after gaining user privileges to gain all database...

6.5CVSS3.9AI score0.01087EPSS
Exploits0
OSV
OSV
added 2021/10/15 12:15 p.m.3 views

CVE-2021-42336

The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...

4.3CVSS5.8AI score0.00818EPSS
Exploits0References1
NVD
NVD
added 2021/10/15 12:15 p.m.12 views

CVE-2021-42336

The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...

4.3CVSS0.00818EPSS
Exploits0References1
OSV
OSV
added 2021/10/15 12:15 p.m.4 views

CVE-2021-42335

Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...

5.4CVSS5.9AI score0.00567EPSS
Exploits0References1
NVD
NVD
added 2021/10/15 12:15 p.m.15 views

CVE-2021-42333

The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...

8.8CVSS0.01087EPSS
Exploits0References1
NVD
NVD
added 2021/10/15 12:15 p.m.12 views

CVE-2021-42334

The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions...

8.8CVSS0.01087EPSS
Exploits0References1
OSV
OSV
added 2021/10/15 12:15 p.m.4 views

CVE-2021-42333

The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...

8.8CVSS7.4AI score0.01087EPSS
Exploits0References1
Prion
Prion
added 2021/10/15 12:15 p.m.11 views

Sql injection

The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...

6.5CVSS9.1AI score0.01087EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/10/15 12:15 p.m.12 views

Design/Logic Flaw

The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...

4CVSS4.8AI score0.00818EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/10/15 12:15 p.m.16 views

Cross site scripting

Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...

3.5CVSS5.5AI score0.00567EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/10/15 12:15 p.m.18 views

Sql injection

The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions...

6.5CVSS9AI score0.01087EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/15 12:10 p.m.17 views

CVE-2021-42336 Huachu Digital Technology Co.,Ltd. Easytest - Improper Authorization

The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...

4.3CVSS5.1AI score0.00818EPSS
Exploits0References1
CVE
CVE
added 2021/10/15 12:10 p.m.45 views

CVE-2021-42336

CVE-2021-42336 affects Easytest (Huaju Digital Technology, Inc.). The vulnerability is an authorization bypass in the learning history page, where after gaining a user’s permission, remote attackers can access other users’ and administrators’ account information (excluding passwords) by crafting ...

4.3CVSS4.7AI score0.00818EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/10/15 12:10 p.m.40 views

CVE-2021-42335

The CVE concerns Easytest, an online learning platform’s bulletin board management function. The root cause is insufficient filtering of special characters, enabling stored XSS after an attacker gains user privileges. Reported impact includes the ability to inject JavaScript remotely, with the vu...

5.4CVSS5.4AI score0.00567EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/15 12:10 p.m.32 views

CVE-2021-42335 Huachu Digital Technology Co.,Ltd. Easytest - Stored XSS

Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...

5.4CVSS5.6AI score0.00567EPSS
Exploits0References1
CVE
CVE
added 2021/10/15 12:10 p.m.45 views

CVE-2021-42334

CVE-2021-42334 pertains to Easytest, an online learning/quiz platform. Connected sources describe a SQL injection vulnerability in the elective course management page that can be exploited after a user gains privilege to inject SQL commands, potentially leading to access of the entire database an...

8.8CVSS9.2AI score0.01087EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/15 12:10 p.m.18 views

CVE-2021-42334 Huachu Digital Technology Co.,Ltd. Easytest - SQL Injection-2

The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions...

8.8CVSS9.3AI score0.01087EPSS
Exploits0References1
Rows per page
Query Builder