DWSurvey Incorrect Access Control Vulnerability Allowing Unauthorized Deletion of Questionnaires

Vulnerability

An incorrect access control vulnerability has been identified in DWSurvey version 6.14.0. This issue allows users to delete questionnaires by manipulating the questionnaire ID in the deletion request. Substituting the ID of a different questionnaire can result in the unauthorized deletion of that questionnaire.

Impact

Exploitation of this vulnerability allows for the unauthorized deletion of questionnaires, potentially leading to data loss.

Reproduction

To reproduce this vulnerability, first ensure that DWSurvey version 6.14.0 is running. Begin by creating two questionnaires in the system. Note the IDs of both questionnaires. Click the edit button on the first questionnaire to retrieve its ID. Then, click the delete button for the first questionnaire. When prompted, replace the ID with the ID of the second questionnaire. Upon confirmation, the second questionnaire will be deleted, demonstrating the access control flaw.
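The access control gap described above, shown next to a hardened form. This is an added example built on a constructed in-memory model, not DWSurvey source code. The class, method and field names are hypothetical, and it assumes each questionnaire is owned by the account that created it.

```python
# Added illustration: a constructed in-memory model, not DWSurvey source code.
# All class, method and field names here are hypothetical.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller does not own the target questionnaire."""


@dataclass
class Questionnaire:
    id: str
    owner: str  # assumption: the account that created the questionnaire
    title: str


class SurveyStore:
    def __init__(self, surveys):
        self._by_id = {s.id: s for s in surveys}

    def exists(self, survey_id):
        return survey_id in self._by_id

    def delete_unchecked(self, session_user, survey_id):
        # Flawed pattern: the ID from the request is trusted as-is, so the
        # caller's identity never influences which questionnaire is removed.
        return self._by_id.pop(survey_id, None) is not None

    def delete_checked(self, session_user, survey_id):
        # Hardened pattern: resolve the object, then compare its owner with the
        # identity taken from the server-side session, never from the request.
        survey = self._by_id.get(survey_id)
        if survey is None or survey.owner != session_user:
            # Same error for "missing" and "not yours" avoids confirming IDs.
            raise Forbidden(f"{session_user} may not delete {survey_id}")
        del self._by_id[survey_id]
        return True


def sample_store():
    # Constructed sample data: two questionnaires with different owners.
    return SurveyStore([
        Questionnaire("q-1001", "alice", "Customer feedback"),
        Questionnaire("q-1002", "bob", "Staff survey"),
    ])
```

The same ownership comparison belongs on every handler that takes a questionnaire ID from the request, not only on delete.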

Added: Nov 5, 2025, 5:18 PM
Updated: Nov 5, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.2
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.