Aggregates CVE and security vulnerability intelligence across all easy_test_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection, with potential vendor impact data exposure across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-43438 | The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service. | [email protected] | 8.8 | 0.34% | 2023-01-03 | 2024-11-21 |
| CVE-2022-43437 | The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database. | [email protected] | 8.8 | 0.84% | 2023-01-03 | 2024-11-21 |
| CVE-2022-43436 | The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service. | [email protected] | 8.8 | 0.71% | 2023-01-03 | 2024-11-21 |