{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43437", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "dateUpdated": "2024-08-03T13:32:58.976Z", "dateReserved": "2022-10-19T00:00:00", "datePublished": "2023-01-03T00:00:00"}, "containers": {"cna": {"title": "HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - SQL Injection", "datePublic": "2022-12-30T00:00:00", "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-01-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "The Download function\u2019s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database."}], "affected": [{"vendor": "HWA JIUH DIGITAL TECHNOLOGY LTD.", "product": "EasyTest", "versions": [{"version": "17L18S", "status": "affected"}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6829-11133-1.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-89 SQL Injection", "cweId": "CWE-89"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "TVN-202212002", "discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Update Easytest version to v.22I26"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:58.976Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-6829-11133-1.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:easy_test_project:easy_test:17l18s:*:*:*:*:*:*:*", "matchCriteriaId": "61A9C215-C21E-4A3F-9854-4C9E599B01FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Download function\u2019s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database."}, {"lang": "es", "value": "El par\u00e1metro de la funci\u00f3n Download de EasyTest no tiene validaci\u00f3n suficiente para la entrada del usuario. Un atacante remoto autenticado como usuario general puede inyectar un comando SQL arbitrario para acceder, modificar o eliminar la base de datos."}], "id": "CVE-2022-43437", "lastModified": "2024-11-21T07:26:29.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2023-01-03T03:15:10.187", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6829-11133-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-6829-11133-1.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Primary"}]}

{}