CVE-2022-46484

HIGH

Data Illusion Survey Software Solutions NGSurvey - Information Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-46484. PoCs published by NevaSec.

AI-analyzed exploit summary This PoC exploits an information disclosure vulnerability in NGSurvey v2.4.28 and below, allowing attackers to retrieve the password of password-protected surveys via an API endpoint. The script sends a GET request to the API endpoint and extracts the password from the JSON response.

Description

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.

Exploits (1)

nomisec WORKING POC 2 stars

by NevaSec · poc

https://github.com/NevaSec/CVE-2022-46484

View Code ZIP pw:eip

This PoC exploits an information disclosure vulnerability in NGSurvey v2.4.28 and below, allowing attackers to retrieve the password of password-protected surveys via an API endpoint. The script sends a GET request to the API endpoint and extracts the password from the JSON response.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below

No auth needed

Prerequisites: Valid survey URL

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory

https://github.com/WodenSec/CVE-2022-46484

Scores

CVSS v3 7.5

EPSS 0.0071

EPSS Percentile 48.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-922

Status published

Products (1)

ngsurvey/ngsurvey < 2.4.28

Published Aug 02, 2023

Tracked Since Feb 18, 2026