Arbitrary file deletion

2022-01-2819:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1.

CPENameOperatorVersion
selectsurvey.netlt5.052.000

CPE	Name	Operator	Version
	selectsurvey.net	lt	5.052.000

References

www.classapps.com/product_ssv5.aspx

www.optiv.com/insights/source-zero/blog/classapps-inc-selectsurveynet-v50-vulnerabilities-disclosure