The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database.
CPE | Name | Operator | Version |
---|---|---|---|
easy_test | eq | 17.0.0-l18-s |