Filtered by vendor Systemic-rm
Subscriptions
Filtered by product Risk Value
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26137 | 1 Systemic-rm | 1 Risk Value | 2025-04-01 | 7.5 High |
| Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensitive information. | ||||
| CVE-2025-26138 | 1 Systemic-rm | 1 Risk Value | 2025-04-01 | 6.5 Medium |
| Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do not have permission to view. | ||||
Page 1 of 1.