CVE-2023-29492

CRITICAL KEV

3rdmill Novi Survey < 8.9.43676 - Code Injection

Title source: rule

Description

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

References (2)

[Vendor Advisory] https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492

Scores

CVSS v3 9.8

EPSS 0.1624

EPSS Percentile 94.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-04-13

VulnCheck KEV 2023-04-13

InTheWild.io 2023-04-13

ENISA EUVD EUVD-2023-33059

CWE

CWE-94

Status published

Products (1)

3rdmill/novi_survey < 8.9.43676

Published Apr 11, 2023

KEV Added Apr 13, 2023

Tracked Since Feb 18, 2026