CVE-2021-42334 — HIGH (8.8)

Vulnerability Description

The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huaju	Easytest Online Learning Test Platform	1705

Related Weaknesses (CWE)

CWE-89

References

https://www.twcert.org.tw/tw/cp-132-5204-f80ad-1.htmlThird Party Advisory
https://www.twcert.org.tw/tw/cp-132-5204-f80ad-1.htmlThird Party Advisory

FAQ

What is CVE-2021-42334?

CVE-2021-42334 is a vulnerability with a CVSS score of 8.8 (HIGH). The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain a...

How severe is CVE-2021-42334?

CVE-2021-42334 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-42334?

Check the references section above for vendor advisories and patch information. Affected products include: Huaju Easytest Online Learning Test Platform.