Systemic Risk Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in Systemic Risk versions through 2.8.0. The issue arises in the GetFile.aspx endpoint, where an unauthenticated attacker can exploit the vulnerability by supplying a crafted file path in the ReportUrl parameter. This exploitation allows the attacker to read arbitrary system files, potentially exposing sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information through the reading of arbitrary system files.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Systemic Risk Local File Inclusion Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating