go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - SQL injection

TVN ID TVN-202408007
CVE ID CVE-2024-8327
CVSS 8.8(High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products Easy test Online Learning and Testing Platform before version 24A01.
Description Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents.
Solution Update to version 24A01 or later.
Credit TaiYou
Public Date 2024-08-30
Top