CVE-2021-42336
4.3 MEDIUMThe learning history page of the Easytest is vulnerable by permission bypass
Published: 2021-10-15 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 4.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-285
Affected products
| Vendor | Product |
|---|---|
| huaju | easytest_online_learning_test_platform |
Description
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-42335 — Easytest bulletin board management function of online learning platform does not filter special characters (5.4 MEDIUM)
- CVE-2021-42334 — The Easytest contains SQL injection vulnerabilities (8.8 HIGH)
- CVE-2021-42333 — The Easytest contains SQL injection vulnerabilities (8.8 HIGH)
Same CWE
- CVE-2026-12213 — A vulnerability was found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
- CVE-2026-12204 — A vulnerability was determined in ShopXO up to 6.7.1 (7.3 HIGH)
- CVE-2026-12190 — A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android (5.3 MEDIUM)
- CVE-2026-12189 — A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android (5.3 MEDIUM)
- CVE-2026-49397 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (5.3 MEDIUM)