CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42901
https://notcve.org/view.php?id=CVE-2024-42901
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. • https://github.com/LimeSurvey/LimeSurvey/pull/3884 https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-42901 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-43776 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-43776
SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. • https://zuso.ai/advisory/za-2024-09 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-43775 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-43775
SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter. • https://zuso.ai/advisory/za-2024-08 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-43774 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-43774
SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid parameter. • https://zuso.ai/advisory/za-2024-07 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-43773 – Huachu Easytest Online Learning Test Platform - SQL Injection
https://notcve.org/view.php?id=CVE-2024-43773
SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter. • https://zuso.ai/advisory/za-2024-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •