TDuckCloud/tduck-survey-form

TDuckCloud/tduck-survey-form

www.tduckcloud.com

Releases10

Frequency7 months 2 days

Last Release about 1 month ago

Stars1.22K

为企业提供「免费」表单问卷能力，「开箱即用」快速赋能业务 A questionnaire system that can be privatized and deployed - 填鸭表单问卷系统（tduck-survey-form）表单系统-问卷系统

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-57631 ↗	Sep 16, 2025Tuesday, 16 September 2025, 20:15	9.8 CRITICAL	—
SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module
CVE-2025-8756 ↗	Aug 9, 2025Saturday, 9 August 2025, 15:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Affected by this vulnerability is the function preHandle of the file /manage/ of the component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-51805 ↗	Jan 13, 2024Saturday, 13 January 2024, 02:15	6.5 MEDIUM	—
SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file.
CVE-2023-37733 ↗	Jul 19, 2023Wednesday, 19 July 2023, 19:15	6.1 MEDIUM	—
An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file.