Vulnerability Details CVE-2014-6030
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.2%
CVSS Severity
CVSS v2 Score 6.5
References
Products affected by CVE-2014-6030
-
cpe:2.3:a:classapps:selectsurvey.net:-
-
cpe:2.3:a:classapps:selectsurvey.net:4.125.000