RSS   Vulnerabilities for
'Easytest online learning test platform'
   RSS

2021-10-15
 
CVE-2021-42333

CWE-89
 

 
The Easytest contains SQL injection vulnerabilities. After obtaining user�??s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions.

 
 
CVE-2021-42334

CWE-89
 

 
The Easytest contains SQL injection vulnerabilities. After obtaining a user�??s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.

 
 
CVE-2021-42335

CWE-79
 

 
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user�??s privilege, remote attackers can inject JavaScript and execute stored XSS attack.

 
 
CVE-2021-42336

CWE-285
 

 
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user�??s permission, remote attackers can access other users�?? and administrator�??s account information except password by crafting URL parameters.

 


Copyright 2024, cxsecurity.com

 

Back to Top