| TVN ID | TVN-202601005 |
|---|---|
| CVE ID | CVE-2026-1018, CVE-2026-1019, CVE-2026-1020, CVE-2026-1021 |
| CVSS | CVE-2026-1018: 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N<br>CVE-2026-1019: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H<br>CVE-2026-1020: 5.3 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N<br>CVE-2026-1021: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | Police Statistics Database System |
| Description | CVE-2026-1018: Police Statistics Database System has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.<br>CVE-2026-1019: Police Statistics Database System has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.<br>CVE-2026-1020: Police Statistics Database System has an Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory.<br>CVE-2026-1021: Police Statistics Database System has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. |
| Solution | Update to version 1.0.3 or later. |
| Credit | Linwz (DEVCORE) |
| Public Date | 2026-01-16 |
