Описание
A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1.
Ссылки
- ProductVendor Advisory
- ExploitMitigationThird Party Advisory
- ProductVendor Advisory
- ExploitMitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.052.000 (исключая)
cpe:2.3:a:classapps:selectsurvey.net:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01134
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 7.5
github
около 4 лет назад
A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1.
EPSS
Процентиль: 78%
0.01134
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-639