PT-2022-11440 · Unknown · Selectsurvey.Net

Garrett Foster · Published 2022-01-28 · Updated 2022-07-12 · CVE-2021-41608

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SelectSurvey.NET versions prior to 5.052.000

Description

A file disclosure issue allows a remote, unauthenticated attacker to retrieve survey user-submitted data by modifying the ID parameter in sequential order, beginning from 1, in the "UploadedImageDisplay.aspx" endpoint.

Recommendations

For versions prior to 5.052.000, update to version 5.052.000 or later to resolve the issue. As a temporary workaround, consider restricting access to the UploadedImageDisplay.aspx endpoint until a patch is applied. Avoid using sequential ID values in the affected endpoint to minimize the risk of exploitation.
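
A log check for the access pattern in the description, added here as an example and not part of the original advisory or the vendor's code: it scans IIS W3C logs for a single client requesting consecutive ID values on UploadedImageDisplay.aspx. The log field layout, the `MIN_RUN` threshold and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qs

ENDPOINT = "uploadedimagedisplay.aspx"  # endpoint named in the advisory
MIN_RUN = 5                             # assumed threshold; tune per site

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2022-01-20 10:00:01 198.51.100.7 GET /UploadedImageDisplay.aspx ID=1 200
2022-01-20 10:00:01 198.51.100.7 GET /UploadedImageDisplay.aspx ID=2 200
2022-01-20 10:00:02 198.51.100.7 GET /UploadedImageDisplay.aspx ID=3 404
2022-01-20 10:00:02 198.51.100.7 GET /UploadedImageDisplay.aspx id=4 200
2022-01-20 10:00:03 198.51.100.7 GET /UploadedImageDisplay.aspx ID=5 200
2022-01-20 10:00:03 198.51.100.7 GET /UploadedImageDisplay.aspx ID=6 200
2022-01-20 10:05:10 203.0.113.20 GET /UploadedImageDisplay.aspx ID=42 200
2022-01-20 10:09:44 203.0.113.20 GET /UploadedImageDisplay.aspx ID=17 200
2022-01-20 10:09:50 203.0.113.20 GET /Default.aspx - 200
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def longest_run(ids):
    """Length of the longest run of consecutive integers in ids."""
    best, run, prev = 0, 0, None
    for n in sorted(ids):
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best, prev = max(best, run), n
    return best

def find_enumeration(text, min_run=MIN_RUN):
    """Map client IP -> longest consecutive-ID run, for runs >= min_run."""
    seen = defaultdict(set)
    for row in parse_w3c(text):
        if row.get("cs-uri-stem", "").lower().endswith(ENDPOINT):
            # Parameter names are matched case-insensitively (ID, id, Id).
            query = {k.lower(): v for k, v in parse_qs(row.get("cs-uri-query", "")).items()}
            seen[row["c-ip"]].update(int(v) for v in query.get("id", []) if v.isdecimal())
    runs = {ip: longest_run(ids) for ip, ids in seen.items()}
    return {ip: n for ip, n in runs.items() if n >= min_run}
```

Requests are counted regardless of response status, since probes for IDs that do not exist are part of the same sequential walk.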

Exploit

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2021-41608

Affected Products

Selectsurvey.Net