CVE-2022-46485

HIGH

Data Illusion Survey Software Solutions ngSurvey <2.4.28 - DoS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-46485. PoCs published by NevaSec.

AI-analyzed exploit summary: This repository provides a detailed writeup for CVE-2022-46485, a Denial of Service (DoS) vulnerability in ngSurvey <= 2.4.28. The exploit involves submitting excessively large payloads to text fields, causing server crashes or excessive resource consumption.

Description

Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".

Exploits (2)

nomisec WRITEUP
by NevaSec · poc
https://github.com/NevaSec/CVE-2022-46485

This repository provides a detailed writeup for CVE-2022-46485, a Denial of Service (DoS) vulnerability in ngSurvey <= 2.4.28. The exploit involves submitting excessively large payloads to text fields, causing server crashes or excessive resource consumption.

Classification: Writeup 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: ngSurvey <= 2.4.28
No auth needed
Prerequisites: Access to a survey with text/comment fields · Ability to intercept and modify HTTP requests
devstral-2 · analyzed Feb 16, 2026

inthewild WRITEUP
poc
https://github.com/wodensec/cve-2022-46485

This repository provides a detailed technical analysis of CVE-2022-46485, a Denial of Service vulnerability in ngSurvey <= 2.4.28. The issue arises due to the lack of server-side validation for character limits in text fields, allowing an attacker to submit excessively large payloads, causing crashes or resource exhaustion.

Classification: Writeup 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: ngSurvey <= 2.4.28
No auth needed
Prerequisites: Access to a survey with text/comment fields · Ability to intercept and modify HTTP requests (e.g., Burp Suite)
devstral-2 · analyzed Feb 23, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://github.com/WodenSec/CVE-2022-46485

Scores

CVSS v3 7.5
EPSS 0.0213
EPSS Percentile 84.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-770
Status published
Products (1)
ngsurvey/ngsurvey < 2.4.28
Published Aug 02, 2023
Tracked Since Feb 18, 2026