VU#706695: Checkbox Survey insecurely deserializes ASP.NET View State data

Overview Checkbox Survey prior to version 7.0 insecurely deserializes ASP.NET View State data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable server. Description CVE-2021-27852 Checkbox Survey insecurely deserializes ASP.NET View State data. Checkbox Survey is an ASP.NET application that can add survey functionality to a website. Prior to version 7.0, Checkbox Survey implements its own View State functionality by accepting a _VSTATE argument, which it then deserializes using LosFormatter. Because this data is manually...