CVE-2026-1021
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gotac | police_statistics_database_system | From 1.0.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Arbitrary File Upload flaw in the Police Statistics Database System developed by Gotac. It allows an unauthenticated remote attacker to upload and execute web shell backdoors on the server, which enables the attacker to execute arbitrary code remotely without any authentication.
How can this vulnerability impact me? :
The vulnerability can lead to a full compromise of the server hosting the Police Statistics Database System. An attacker can upload malicious files and execute arbitrary code, potentially gaining control over the system, which can result in data breaches, system manipulation, and disruption of services.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to update the Police Statistics Database System to version 1.0.3 or later. [1, 2]