Primary

Context

OPEXUS eCasePortal Unauthenticated Insecure Direct Object Reference Vulnerability

Vulnerability

An insecure direct object reference vulnerability has been identified in OPEXUS eCasePortal versions prior to 9.0.45.0. This vulnerability allows an unauthenticated attacker to access the 'Attachments.aspx' endpoint, manipulate predictable 'formid' values, and either download or delete user-uploaded files, or upload new files.

Impact

Exploitation of this vulnerability could lead to unauthorized access to, modification, or deletion of user-uploaded files.

Remediation

Users can upgrade to OPEXUS eCasePortal version 9.0.45.0 or later to address this vulnerability.

Added: Jan 8, 2026, 7:43 PM

Updated: Jan 8, 2026, 7:43 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

1.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

1.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OPEXUS eCasePortal Unauthenticated Insecure Direct Object Reference Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating