| TVN ID | TVN-202601006 |
|---|---|
| CVE ID | CVE-2026-1022, CVE-2026-1023 |
| CVSS | CVE-2026-1022: 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-1023: 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Affected Products | Statistics Database System version 1.0.3 and earlier |
| Description | CVE-2026-1022: Statistics Database System has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. CVE-2026-1023: Statistics Database System has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents. |
| Solution | Update to version 1.0.4 or later. |
| Credit | Linwz(DEVCORE) |
| Public Date | 2026-01-16 |
:::