CVE-2023-29492 - Code injection
Original CVE data
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
Novisurvey - (1)
Common vulnerability metrics
No exploit code is reported to exist.
Vulnerability is referenced under CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog
No sightings of the vulnerability within threat reports.
How the vulnerability maps against various cybersecurity frameworks
How the submited vulnerability affects compliance
Web Application Security Frameworks
Applicable if the issue likely affects a web application