Vulnerabilities > Classapps

DATE: 2022-01-28
CVE: CVE-2021-41608
VULNERABILITY TITLE: Authorization Bypass Through User-Controlled Key vulnerability in Classapps Selectsurvey.Net
RISK: 7.5 (network, low complexity)
VENDOR / CWE: classapps, CWE-639
A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1.

DATE: 2022-01-28
CVE: CVE-2021-41609
VULNERABILITY TITLE: SQL Injection vulnerability in Classapps Selectsurvey.Net
RISK: critical, 9.8 (network, low complexity)
VENDOR / CWE: classapps, CWE-89
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection.