VULHUB ™

Mod_Survey does not sufficiently sanitize data supplied via ENV tags. It has been reported by the vendor that this may allow for injection of malicious data into the data repository. Exploitation may allow for manipulation of environment variables or the possibility of executing database commands through injection of SQL syntax. Other attacks which may also be possible. This is only an issue with surveys that use ENV tags.

Mod_Survey does not sufficiently sanitize data supplied via ENV tags. It has been reported by the vendor that this may allow for injection of malicious data into the data repository. Exploitation may allow for manipulation of environment variables or the possibility of executing database commands through injection of SQL syntax. Other attacks which may also be possible. This is only an issue with surveys that use ENV tags.