CVE-2024-8327

Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents.
Configurations

Configuration 1 (hide)

cpe:2.3:a:easy_test_online_learning_and_testing_platform_project:easy_test_online_learning_and_testing_platform:*:*:*:*:*:*:*:*

History

04 Sep 2024, 17:11

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-8032-a3d5c-2.html - () https://www.twcert.org.tw/en/cp-139-8032-a3d5c-2.html - Vendor Advisory
References () https://www.twcert.org.tw/tw/cp-132-8028-360e1-1.html - () https://www.twcert.org.tw/tw/cp-132-8028-360e1-1.html - Vendor Advisory
CPE cpe:2.3:a:easy_test_online_learning_and_testing_platform_project:easy_test_online_learning_and_testing_platform:*:*:*:*:*:*:*:*
Summary
  • (es) La plataforma de pruebas y aprendizaje en línea Easy Test de HWA JIUH DIGITAL TECHNOLOGY no valida correctamente un parámetro de página específico, lo que permite a atacantes remotos con privilegios regulares inyectar comandos SQL arbitrarios para leer, modificar y eliminar el contenido de la base de datos.
First Time Easy Test Online Learning And Testing Platform Project easy Test Online Learning And Testing Platform
Easy Test Online Learning And Testing Platform Project

30 Aug 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-30 03:15

Updated : 2024-09-04 17:11


NVD link : CVE-2024-8327

Mitre link : CVE-2024-8327

CVE.ORG link : CVE-2024-8327


JSON object : View

Products Affected

easy_test_online_learning_and_testing_platform_project

  • easy_test_online_learning_and_testing_platform
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')