CVE-2024-43772

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Easytest Online Test Platform allows unauthenticated remote attackers to inject arbitrary SQL commands through the uid parameter of the download student learning course function. Successful exploitation lets an attacker read, modify, or delete database contents. Easytest Online Test Platform version 24E01 and earlier is affected.

💻 Affected Systems

Products:
  • Easytest Online Test Platform
Versions: 24E01 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with the vulnerable function enabled are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the database: data theft, data destruction, and, if the application's database account holds file-write or command-execution privileges, escalation to the database host and lateral movement to other systems.

🟠 Likely Case

Unauthorized read access to student and course records, exposing personal details and test results.

🟢 If Mitigated

Limited impact once the uid parameter is validated and the query uses parameterized statements; other vulnerabilities in the platform may still exist.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: None known
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Injection through a single GET/POST parameter with no authentication is the easiest class of SQL injection to exploit: off-the-shelf tools automate error-, boolean- and time-based extraction, so the absence of a public PoC should not be read as protection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Unknown until a fix is published

Instructions:

1. Monitor the vendor website for a fixed release
2. Apply the patch as soon as it is available; until then use the workarounds below
3. Test in a non-production environment first

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all versions

Add server-side validation that restricts the uid parameter to its expected format before it reaches the query. If uid is a numeric student identifier, reject anything not matching ^[0-9]+$ (confirm the real format first: if the platform issues alphanumeric identifiers, a digits-only rule breaks legitimate downloads). Validation is a stopgap; the proper fix is a parameterized query.

WAF Rule

Applies to: all versions

Deploy web application firewall rules that inspect the uid parameter in both POST and GET requests for SQL injection patterns. Treat this as defense in depth only: signature-based WAF rules are routinely bypassed with encoding and comment tricks, so keep the validation filter in place and patch as soon as a fix exists.

🧯 If You Can't Patch

  • Disable the download student learning course function entirely until a fix is available
  • Run the platform's database account with the least privilege it needs (read-only on the tables this function uses, no file or command-execution rights) so that a successful injection cannot escalate beyond the database
  • Restrict access to the platform to trusted networks or a VPN and segment it from other systems to limit lateral movement

🔍 How to Verify

Check if Vulnerable:

Only test systems you are authorized to test. Send the download student learning course request with a probe in the uid parameter and compare responses. A boolean pair such as 1001' AND '1'='1 versus 1001' AND '1'='2 is safer than ' OR '1'='1, which may return every record; a differing response (or a raw database error) indicates the input reaches the query unsanitized.

Check Version:

Check the platform version in the admin interface or configuration files; versions 24E01 and earlier are affected.

Verify Fix Applied:

Confirm that the probe pair above produces identical responses, that non-numeric uid values are rejected with a generic validation error rather than a database error, and that the application no longer reveals SQL syntax in any error message.
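The following is an added example, not Easytest code (the product's real query, table layout and parameter handling are not public, so the table name learning_course, the sample rows and the handler names are constructed). It shows the vulnerable concatenation pattern next to the validated, parameterized form from the workaround section, and the boolean-differential probe described under "Check if Vulnerable", using Python's built-in sqlite3 so it runs offline:

```python
import re
import sqlite3

# Workaround regex from this page: uid must be all digits.
UID_PATTERN = re.compile(r"^[0-9]+$")


def make_db():
    """Build an in-memory table with constructed sample rows (not real Easytest data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE learning_course (uid INTEGER, course TEXT, file TEXT)")
    conn.executemany(
        "INSERT INTO learning_course VALUES (?, ?, ?)",
        [(1001, "Algebra I", "algebra1.pdf"),
         (1002, "Chemistry", "chem.pdf"),
         (1003, "History", "hist.pdf")],
    )
    return conn


def download_vulnerable(conn, uid):
    """Hypothetical vulnerable pattern: uid is concatenated into the SQL text."""
    sql = "SELECT course, file FROM learning_course WHERE uid = '" + uid + "'"
    return conn.execute(sql).fetchall()


def download_hardened(conn, uid):
    """Hardened pattern: reject non-numeric uid, then bind it as a query parameter."""
    if not UID_PATTERN.fullmatch(uid):
        raise ValueError("uid must be numeric")
    sql = "SELECT course, file FROM learning_course WHERE uid = ?"
    return conn.execute(sql, (int(uid),)).fetchall()


def probe_is_injectable(handler):
    """Boolean-differential check a tester runs instead of ' OR '1'='1.

    Both probes keep a valid id; only the appended condition differs. If the
    two responses differ, the condition reached the database, i.e. the
    parameter is injectable. A ValueError means validation rejected the input
    before any query ran.
    """
    true_case = "1001' AND '1'='1"
    false_case = "1001' AND '1'='2"
    try:
        return handler(true_case) != handler(false_case)
    except ValueError:
        return False


if __name__ == "__main__":
    db = make_db()
    print(download_vulnerable(db, "' OR '1'='1"))                     # every row comes back
    print(probe_is_injectable(lambda u: download_vulnerable(db, u)))  # True
    print(probe_is_injectable(lambda u: download_hardened(db, u)))    # False
```

The probe deliberately keeps a real identifier in both requests so that it never dumps the whole table, and the hardened handler fails closed (a rejected value never reaches the database) rather than trying to escape quotes.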

📡 Detection & Monitoring

Log Indicators:

  • Database syntax errors in application or database logs (also a sign that error-based extraction is possible)
  • SQL syntax in request parameters, whether or not preceded by failed login attempts (the function is reachable without authentication)
  • uid values that are not purely numeric, or that contain SQL keywords (OR, AND, UNION, SELECT), quotes, comment sequences (--, /*) or semicolons

Network Indicators:

  • HTTP requests with SQL injection patterns (URL-encoded or not) in the uid parameter
  • Bursts of near-identical requests differing only in the uid value, typical of automated extraction
  • Unexpectedly large responses, or unusual query patterns from the application server to the database

SIEM Query (pseudo-syntax, adapt to your platform):

source="web_logs" AND (uri="*download*" OR uri="*student*" OR uri="*course*") AND (param="*uid*" AND (value="*OR*" OR value="*UNION*" OR value="*SELECT*" OR value="*--*"))

The wildcard matches above are substring matches: "*OR*" hits benign values such as "form" and "*uid*" hits parameters such as "guid". Where the SIEM supports it, URL-decode the value first, restrict the match to the uid parameter exactly, and match whole tokens (word-bounded OR, AND, UNION, SELECT, plus a single quote or "--") to keep the false-positive rate workable.
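The same detection logic, written out as an added example (not part of the original page and not a vendor-supplied rule) over constructed access-log lines; the path /download_course and the log format are assumptions. It URL-decodes the uid parameter, applies the digits-only rule from the workaround section, and reports only word-bounded SQL tokens, so a benign parameter value containing "Order" is not flagged:

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not real Easytest logs).
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Sep/2024:10:00:01 +0000] "GET /download_course?uid=1001 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [01/Sep/2024:10:00:02 +0000] "GET /download_course?uid=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 91240',
    '10.0.0.7 - - [01/Sep/2024:10:00:03 +0000] "GET /download_course?uid=1002%27%20UNION%20SELECT%201,2--%20- HTTP/1.1" 500 312',
    '10.0.0.9 - - [01/Sep/2024:10:00:04 +0000] "GET /download_course?uid=1003&course=Order%20Form HTTP/1.1" 200 4096',
]

# Pull the request target out of a common-log-format line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
# Word-bounded keywords plus the characters that matter for injection.
SQLI_TOKEN_RE = re.compile(r"(?i)(\bOR\b|\bAND\b|\bUNION\b|\bSELECT\b|--|'|;)")
# Digits-only rule from the workaround section.
UID_OK_RE = re.compile(r"^[0-9]+$")


def extract_uid(line):
    """Return the URL-decoded uid query parameter, or None if absent."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    values = parse_qs(query, keep_blank_values=True).get("uid")
    return values[0] if values else None


def flag_line(line):
    """Return the sorted list of suspicious tokens found in uid, or None if clean.

    A non-numeric uid with no recognised token is still reported so that a
    novel payload does not slip past a keyword list.
    """
    uid = extract_uid(line)
    if uid is None or UID_OK_RE.fullmatch(uid):
        return None
    tokens = sorted({t.upper() for t in SQLI_TOKEN_RE.findall(uid)})
    return tokens or ["non-numeric uid"]


def scan(lines):
    """Yield (line index, decoded uid, tokens) for every flagged line."""
    hits = []
    for i, line in enumerate(lines):
        tokens = flag_line(line)
        if tokens:
            hits.append((i, extract_uid(line), tokens))
    return hits


if __name__ == "__main__":
    for index, uid, tokens in scan(SAMPLE_LOGS):
        print(f"line {index}: uid={uid!r} tokens={tokens}")
```

Decoding before matching matters: the second sample line carries its payload percent-encoded, and a substring rule run on the raw line would need every encoding variant spelled out.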
