CVE-2026-0522 in FMИнформация

Сводка (Английский)

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks.







This issue affects VertiGIS FM: 10.5.00119 (0d29d428).

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Ответственный

NCSC.ch

Резервировать

17.12.2025

Раскрытие

01.04.2026

Статус

Подтверждённый

Записи

VulDB provides additional information and datapoints for this CVE:

ИДУязвимостьCWEЭксКонCVE
354662VertiGIS FM эскалация привилегий610Доказательство концепцииОфициальное исправлениеCVE-2026-0522

Описание

CPE

CWE

CVSS

Эксплойты

История

Разница

Связать

Разведка угроз

API JSON

API XML

API CSV

Источники

ПредыдущийОбзорДалее

Want to know what is going to be exploited?

We predict KEV entries!