RSS   Vulnerabilities for 'Selectsurvey.net'   RSS

2022-01-28
 
CVE-2021-41608

CWE-863
 

 
A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1.

 
 
CVE-2021-41609

CWE-89
 

 
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection.

 
2014-11-06
 
CVE-2014-6030

 

 
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.

 


Copyright 2024, cxsecurity.com

 

Back to Top