Описание
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files.
EPSS
Процентиль: 22%
0.00072
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 9.8
github
30 дней назад
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files.
EPSS
Процентиль: 22%
0.00072
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-639