CVE-2021-27852
In short
Checkbox Survey versions before 7 contain a critical flaw that allows attackers to run malicious code on the server without needing to log in. The vulnerability exists in how the software handles untrusted data, making it an urgent security risk.
Technical detail
CVE-2021-27852 is an unsafe deserialization vulnerability (CWE-502) in CheckboxWeb.dll that allows unauthenticated remote code execution. Attackers can send malicious serialized objects that execute arbitrary code when deserialized by the application. This affects all Checkbox Survey versions prior to 7, with no authentication required.
Summary generated and translated by AI from the official description.
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Checkbox · Survey