Chi, it sounds like this vulnerability creates a backdoor for an internal user use the survey link to get to SDM administration. So are you saying that though user is NOT setup to have Administrator access type but still can get to edit access to SDM administration, functional access and meta data just using Survey link?
Also, looking at the link provided by Raghu, the SDM versions listed are more specific to 14.1.02 or above versions.