2026-01-08 17:12:39
cisa-cg
PUBLISHED
OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the Attachments.aspx endpoint, iterate through predictable values of formid, and download or delete all user-uploaded files, or upload new files.