Lucene search
K
EasytestEasytest Online Test Platform

6 matches found

CVE
CVE
added 2024/09/02 4:1 a.m.54 views

CVE-2024-43772

The Easytest Online Test Platform (Huachu) contains an SQL injection in the download student learning course function, exploitable via the uid parameter in versions prior to 24E01. Impact: remote arbitrary SQL execution and potential data access/modification. Mitigation: upgrade to version 24E01 ...

9.8CVSS10AI score0.00487EPSS
CVE
CVE
added 2024/09/02 4:1 a.m.52 views

CVE-2024-43773

CVE-2024-43773 affects Easytest Online Test Platform versions 24E01 and earlier. The vulnerability is a SQL injection in the download class learning course function, exploitable via the cstr parameter, enabling remote attackers to execute arbitrary SQL commands. Impact details are described as po...

9.8CVSS10AI score0.00487EPSS
CVE
CVE
added 2024/09/02 4:3 a.m.52 views

CVE-2024-43775

The CVE-2024-43775 affects Easytest Online Test Platform versions 24E01 and earlier. The vulnerability is a SQL Injection in the search course titles function, exploitable by remote authenticated users through the search parameter, enabling arbitrary SQL commands. Evidence from multiple sources c...

8.8CVSS9.1AI score0.00469EPSS
CVE
CVE
added 2024/09/02 4:0 a.m.50 views

CVE-2024-7871

CVE-2024-7871: SQL Injection in the online dictionary function of Easytest Online Test Platform (versions 24E01 and earlier). Root cause: vulnerable handling of the word parameter enables arbitrary SQL execution by remote authenticated users. Impact notes (from CVSS): high confidentiality, integr...

8.8CVSS9AI score0.00519EPSS
CVE
CVE
added 2024/09/02 4:2 a.m.49 views

CVE-2024-43774

The CVE concerns Easytest Online Test Platform (versions 24E01 and earlier). The vulnerability is a SQL injection in the download personal learning course function, exploitable via the uid parameter. A remote authenticated attacker could execute arbitrary SQL commands, with potential impact on co...

8.8CVSS9AI score0.00469EPSS
CVE
CVE
added 2024/09/02 4:4 a.m.45 views

CVE-2024-43776

This CVE (CVE-2024-43776) concerns a SQL Injection vulnerability in the mock exam function of Easytest Online Test Platform, version 24E01 and earlier. The flaw allows remote authenticated users to execute arbitrary SQL via the qlevel parameter. Affected component: mock exam function; underlying ...

8.8CVSS9AI score0.00469EPSS