CVE-2025-26137

Systemic Risk Value =2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensitive information...

CVE-2025-26138

Systemic Risk Value =2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do n...

CVE-2022-45894

GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files...

CVE-2022-45894

GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files...

Directory traversal

GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files...

CVE-2022-45894

GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files...

CVE-2019-11397

GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 when used with .NET Framework 4.5 allows Local File Inclusion via the FileDesc parameter...

CVE-2019-11397

GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 when used with .NET Framework 4.5 allows Local File Inclusion via the FileDesc parameter...

PT-2019-12282 · Microsoft +1 · .Net Framework +1

Name of the Vulnerable Software and Affected Versions: Rapid4 RapidFlows Enterprise Application Builder version 4.5M.23 Description: The issue allows for Local File Inclusion via the FileDesc parameter in the GetFile.aspx file. This can be exploited when the software is used with .NET Framework...