103 matches found
CVE-2022-43438 HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Incorrect Authorization
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...
Easytest licensing issue vulnerability
Easytest is an online learning quiz platform of China's Huaju Digital Technology, Inc. Easytest is vulnerable to authorization issues, which can be exploited by remote attackers to access user and administrator account information other than passwords by constructing URL parameters after gaining...
Easytest SQL Injection Vulnerability (CNVD-2021-83597)
Easytest is an online learning quiz platform of China's Hua Ju Digital Technology, Inc. Easytest is vulnerable to SQL injection, which can be exploited by attackers to inject SQL commands into the parameters of the learning history page after gaining user privileges to access all databases and ga...
Easytest SQL Injection Vulnerability
Easytest is an online learning quiz platform of China's Hua Ju Digital Technology, Inc. Easytest is vulnerable to SQL injection, which can be exploited by attackers to inject SQL commands into the parameters of the elective course management page after gaining user privileges to gain all database...
CVE-2021-42336
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...
CVE-2021-42336
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...
CVE-2021-42335
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...
CVE-2021-42333
The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...
CVE-2021-42334
The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions...
CVE-2021-42333
The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...
Sql injection
The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...
Design/Logic Flaw
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...
Cross site scripting
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...
Sql injection
The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions...
CVE-2021-42336 Huachu Digital Technology Co.,Ltd. Easytest - Improper Authorization
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...
CVE-2021-42336
CVE-2021-42336 affects Easytest (Huaju Digital Technology, Inc.). The vulnerability is an authorization bypass in the learning history page, where after gaining a user’s permission, remote attackers can access other users’ and administrators’ account information (excluding passwords) by crafting ...
CVE-2021-42335
The CVE concerns Easytest, an online learning platform’s bulletin board management function. The root cause is insufficient filtering of special characters, enabling stored XSS after an attacker gains user privileges. Reported impact includes the ability to inject JavaScript remotely, with the vu...
CVE-2021-42335 Huachu Digital Technology Co.,Ltd. Easytest - Stored XSS
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...
CVE-2021-42334
CVE-2021-42334 pertains to Easytest, an online learning/quiz platform. Connected sources describe a SQL injection vulnerability in the elective course management page that can be exploited after a user gains privilege to inject SQL commands, potentially leading to access of the entire database an...
CVE-2021-42334 Huachu Digital Technology Co.,Ltd. Easytest - SQL Injection-2
The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions...