Vulnerabilities (CVE)

Filtered by vendor Classapps Subscribe
Filtered by product Selectsurvey.net
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41609 1 Classapps 1 Selectsurvey.net 2024-02-28 7.5 HIGH 9.8 CRITICAL
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection.
CVE-2021-41608 1 Classapps 1 Selectsurvey.net 2024-02-28 5.0 MEDIUM 7.5 HIGH
A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1.
CVE-2014-6030 1 Classapps 1 Selectsurvey.net 2024-02-28 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.