Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
CPE | Name | Operator | Version |
---|---|---|---|
selectsurvey.net | le | 4.125.001 | |
selectsurvey.net | eq | 4.125.000 |