Surveyking
CVE-2022-26249
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
AnalysisAI
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1236. Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. Affected products include: Surveyking Project Surveyking.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Surveyking
View allSurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Rated critical severity (CVSS 9.1), this v
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was del
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the syste
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password. R
Share
External POC / Exploit Code
Leaving vuln.today