4 matches found
CVE-2026-22234
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...
CVE-2026-22234
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...
CVE-2026-22234
The CVE-2026-22234 issue affects OPEXUS eCasePortal (and related eComplaint) versions before 9.0.45.0, where an unauthenticated attacker can navigate to Attachments.aspx and, by iterating through predictable formid values, download or delete all user-uploaded files and even upload new ones. This ...
CVE-2026-22234 OPEXUS eCasePortal unauthenticated IDOR
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...