2 matches found
CVE-2021-41609
The connected sources confirm a SQL injection vulnerability (CVE-2021-41609) in ClassApps SelectSurvey.NET; the ID parameter of UploadedImageDisplay.aspx allows remote, unauthenticated attackers to retrieve data from the backend DB via boolean-based blind and UNION injections. Affected software: ...
CVE-2021-41608
CVE-2021-41608 affects ClassApps SelectSurvey.NET (pre-5.052.000) via the UploadedImageDisplay.aspx endpoint. The issue lets a remote, unauthenticated attacker retrieve survey user-submitted data by incrementing the ID parameter from 1 upward, exposing partial confidentiality of data. The vulnera...