Lucene search

K
cve[email protected]CVE-2014-6030
HistoryNov 06, 2014 - 6:55 p.m.

CVE-2014-6030

2014-11-0618:55:06
CWE-89
web.nvd.nist.gov
23
cve-2014-6030
sql injection
classapps
selectsurvey.net
security vulnerability
remote attackers
nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.4%

Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.

Affected configurations

NVD
Node
classappsselectsurvey.netRange4.125.001
OR
classappsselectsurvey.netMatch4.125.000

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.4%

Related for CVE-2014-6030