nvd-json-data-feeds/CVE-2021/CVE-2021-423xx/CVE-2021-42333.json

{
  "id": "CVE-2021-42333",
  "sourceIdentifier": "twcert@cert.org.tw",
  "published": "2021-10-15T12:15:07.827",
  "lastModified": "2021-10-20T18:59:46.917",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Easytest contains SQL injection vulnerabilities. After obtaining user\u2019s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions."
    },
    {
      "lang": "es",
      "value": "Easytest contiene vulnerabilidades de inyecci\u00f3n SQL. Despu\u00e9s de alcanzar privilegios de usuario, unos atacantes remotos pueden inyectar comandos SQL en los par\u00e1metros de la p\u00e1gina del historial de aprendizaje para acceder a toda la base de datos y obtener permisos de administrador"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "twcert@cert.org.tw",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "twcert@cert.org.tw",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:huaju:easytest_online_learning_test_platform:1705:*:*:*:*:*:*:*",
              "matchCriteriaId": "63605331-63BE-4B6B-9E62-43179A48FAAB"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.twcert.org.tw/tw/cp-132-5203-00de8-1.html",
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}