4 matches found
CVE-2026-22235
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...
CVE-2026-22235 OPEXUS eComplaint IDOR
OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...
CVE-2026-22235
CVE-2026-22235 affects OPEXUS eComplaint (and related eCasePortal) prior to version 9.0.45.0. The vulnerability arises from an information disclosure/IDOR flaw: an attacker can visit the DocumentOpen.aspx endpoint and iterate through predictable values of the chargeNumber parameter to download an...
PT-2026-2177
Name of the Vulnerable Software and Affected Versions OPEXUS eComplaint versions prior to 9.0.45.0 Description The application allows an attacker to access the 'DocumentOpen.aspx' endpoint and potentially download any uploaded files. This is possible by iterating through predictable values of the...