VYPR

Selectsurvey.net

by Classapps

CVEs (3)

  • CVE-2021-41609CriJan 28, 2022
    risk 0.64cvss 9.8epss 0.02

    SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection.

  • CVE-2021-41608HigJan 28, 2022
    risk 0.49cvss 7.5epss 0.02

    A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1.

  • CVE-2014-6030Nov 6, 2014
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands…