CVE-2021-36520 – itech TrainSmart r1044 - SQL injection

https://notcve.org/view.php?id=CVE-2021-36520

A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI. itech TrainSmart version r1044 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/51253 http://packetstormsecurity.com/files/171731/itech-TrainSmart-r1044-SQL-Injection.html https://sourceforge.net/p/trainsmart/code/HEAD/tree/code https://www.go2itech.org/resources/trainsmart • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •