5 matches found
CVE-2026-22234
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...
CVE-2026-22234 OPEXUS eCasePortal unauthenticated IDOR
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...
CVE-2026-22234 OPEXUS eCasePortal unauthenticated IDOR
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...
OPEXUS eCasePortal 安全漏洞
OPEXUS eCasePortal is a case management platform from OPEXUS USA. A security vulnerability exists in OPEXUS eCasePortal versions prior to 9.0.45.0 that originates from an unauthenticated attacker being able to traverse the formid value, potentially leading to the download or deletion of files...
OPEXUS eComplaint and eCasePortal IDOR
RISK EVALUATION OPEXUS eCasePortal and eComplaint before version 9.0.45.0 allow an unauthenticated attacker to iterate through predictable URL parameters and download all available files. The eCasePortal vulnerability allows attackers to upload and delete files as well. 2. RECOMMENDED PRACTICES...