Opexus Foiaxpress Public Access Link (Pal)
4 CVEs affecting Opexus Foiaxpress Public Access Link (Pal). Latest disclosed: 2025-09-09. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-58462 | Critical | 9.8 | 2025-09-09 | OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could r… |
CVE-2025-54834 | Medium | 5.3 | 2025-07-31 | OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check fo… |
CVE-2025-54833 | Medium | 5.3 | 2025-07-31 | OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers… |
CVE-2025-54832 | Medium | 4.3 | 2025-07-31 | OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories. |