Lucene search

K
cve[email protected]CVE-2014-6030
HistoryNov 06, 2014 - 6:55 p.m.

CVE-2014-6030

2014-11-0618:55:06
CWE-89
web.nvd.nist.gov
23
cve-2014-6030
sql injection
classapps
selectsurvey.net
security vulnerability
remote attackers
nvd

8.4 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

34.3%

Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.

Affected configurations

NVD
Node
classappsselectsurvey.netRange4.125.001
OR
classappsselectsurvey.netMatch4.125.000

8.4 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

34.3%

Related for CVE-2014-6030