CVE-2022-43437

{"id": "CVE-2022-43437", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-01-03T03:15:10.187", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6829-11133-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-6829-11133-1.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The Download function\u2019s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database."}, {"lang": "es", "value": "El par\u00e1metro de la funci\u00f3n Download de EasyTest no tiene validaci\u00f3n suficiente para la entrada del usuario. Un atacante remoto autenticado como usuario general puede inyectar un comando SQL arbitrario para acceder, modificar o eliminar la base de datos."}], "lastModified": "2024-11-21T07:26:29.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:easy_test_project:easy_test:17l18s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61A9C215-C21E-4A3F-9854-4C9E599B01FB"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}