6 matches found
CVE-2024-43772
The Easytest Online Test Platform (Huachu) contains an SQL injection in the download student learning course function, exploitable via the uid parameter in versions prior to 24E01. Impact: remote arbitrary SQL execution and potential data access/modification. Mitigation: upgrade to version 24E01 ...
CVE-2024-43773
CVE-2024-43773 affects Easytest Online Test Platform versions 24E01 and earlier. The vulnerability is a SQL injection in the download class learning course function, exploitable via the cstr parameter, enabling remote attackers to execute arbitrary SQL commands. Impact details are described as po...
CVE-2024-43775
The CVE-2024-43775 affects Easytest Online Test Platform versions 24E01 and earlier. The vulnerability is a SQL Injection in the search course titles function, exploitable by remote authenticated users through the search parameter, enabling arbitrary SQL commands. Evidence from multiple sources c...
CVE-2024-7871
CVE-2024-7871: SQL Injection in the online dictionary function of Easytest Online Test Platform (versions 24E01 and earlier). Root cause: vulnerable handling of the word parameter enables arbitrary SQL execution by remote authenticated users. Impact notes (from CVSS): high confidentiality, integr...
CVE-2024-43774
The CVE concerns Easytest Online Test Platform (versions 24E01 and earlier). The vulnerability is a SQL injection in the download personal learning course function, exploitable via the uid parameter. A remote authenticated attacker could execute arbitrary SQL commands, with potential impact on co...
CVE-2024-43776
This CVE (CVE-2024-43776) concerns a SQL Injection vulnerability in the mock exam function of Easytest Online Test Platform, version 24E01 and earlier. The flaw allows remote authenticated users to execute arbitrary SQL via the qlevel parameter. Affected component: mock exam function; underlying ...