CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-41609

SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.034

EPSS Ranking 86.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.classapps.com/product_ssv5.aspx
https://www.optiv.com/insights/source-zero/blog/classapps-inc-selectsurveynet-v50-vulnerabilities-disclosure
https://www.classapps.com/product_ssv5.aspx
https://www.optiv.com/insights/source-zero/blog/classapps-inc-selectsurveynet-v50-vulnerabilities-disclosure

Products affected by CVE-2021-41609

Classapps » Selectsurvey.net » Version: N/A

cpe:2.3:a:classapps:selectsurvey.net:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41609

Products

Pricing

Contact Us