CVE-2021-42336

Summary

The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters.

Affected Software

VendorProductVersion RangeStatus
Huachu Digital Technology Co.,Ltd.Easytest1705affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

References