PT-2023-14941 · Data Illusion Survey Software Solutions · Ngsurvey

Published

2023-08-02

Updated

2023-08-07

CVE-2022-46484

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Data Illusion Survey Software Solutions NGSurvey versions 2.4.28 and below

Description The issue allows attackers to view the password for password-protected surveys, enabling them to access and arbitrarily submit surveys.

Recommendations For versions 2.4.28 and below, update to a version above 2.4.28 to resolve the issue.

Exploit

Fix

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-922

Related Identifiers

CVE-2022-46484

Affected Products

Ngsurvey

PT-2023-14941 · Data Illusion Survey Software Solutions · Ngsurvey

CVE-2022-46484

Weakness Enumeration

Related Identifiers

Affected Products

References · 4