{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T07:22:41.993","vulnerabilities":[{"cve":{"id":"CVE-2022-43437","sourceIdentifier":"twcert@cert.org.tw","published":"2023-01-03T03:15:10.187","lastModified":"2024-11-21T07:26:29.107","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database."},{"lang":"es","value":"El parámetro de la función Download de EasyTest no tiene validación suficiente para la entrada del usuario. Un atacante remoto autenticado como usuario general puede inyectar un comando SQL arbitrario para acceder, modificar o eliminar la base de datos."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:easy_test_project:easy_test:17l18s:*:*:*:*:*:*:*","matchCriteriaId":"61A9C215-C21E-4A3F-9854-4C9E599B01FB"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-6829-11133-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-6829-11133-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}