SQL Injection Vulnerability in Easytest: Exploiting Elective Course Management Page

SQL Injection Vulnerability in Easytest: Exploiting Elective Course Management Page

CVE-2021-42334 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.