Vulnerabilities > CVE-2022-46484 - Insecure Storage of Sensitive Information vulnerability in Ngsurvey 2.4.28

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ngsurvey

CWE-922

NVD

Published: 2023-08-02

Updated: 2023-08-07

Summary

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.

Vulnerable Configurations

Part	Description	Count
Application	Ngsurvey Ngsurvey Ngsurvey - Ngsurvey Ngsurvey 2.4.28	2

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://github.com/WodenSec/CVE-2022-46484