CVE-2014-6030
ClassApps SelectSurvey.NET < 4.125.002 - SQL Injection via SurveyID Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-6030. PoCs published by BillV-Lists.
AI-analyzed exploit summary This is a detailed writeup describing SQL injection vulnerabilities in SelectSurvey.net version 4.124.004. It includes unauthenticated and authenticated SQLi vectors, along with sqlmap payloads demonstrating boolean-based blind, time-based blind, and stacked query techniques.
Description
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
Exploits (1)
This is a detailed writeup describing SQL injection vulnerabilities in SelectSurvey.net version 4.124.004. It includes unauthenticated and authenticated SQLi vectors, along with sqlmap payloads demonstrating boolean-based blind, time-based blind, and stacked query techniques.