Vulnerabilities > Classapps

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-28	CVE-2021-41608	Authorization Bypass Through User-Controlled Key vulnerability in Classapps Selectsurvey.Net A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1. network low complexity classapps CWE-639	5.0
2022-01-28	CVE-2021-41609	SQL Injection vulnerability in Classapps Selectsurvey.Net SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection. network low complexity classapps CWE-89	7.5
2014-11-06	CVE-2014-6030	SQL Injection vulnerability in Classapps Selectsurvey.Net 4.125.000 Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. network low complexity classapps CWE-89	6.5

Vulnerabilities > Classapps {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Classapps"}]}