Foiaxpress Public Access Link

foiaxpress_public_access_link

Vendor: Opexustech • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-58462 1Opexustech 1Foiaxpress Public Access Link Sep 26, 2025 Sep 9, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.
CVE-2025-54834 1Opexustech 1Foiaxpress Public Access Link Jan 23, 2026 Jul 31, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limitin...Show more OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.Show less
CVE-2025-54833 1Opexustech 1Foiaxpress Public Access Link Jan 23, 2026 Jul 31, 2025 6.9 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.
CVE-2025-54832 1Opexustech 1Foiaxpress Public Access Link Jan 23, 2026 Jul 31, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
CVE-2024-53553 1Opexustech 1Foiaxpress Public Access Link Oct 29, 2025 Jan 16, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests.