VYPR
Unrated severityNVD Advisory· Published Jan 8, 2026· Updated Jan 8, 2026

OPEXUS eComplaint IDOR

CVE-2026-22235

Description

OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files.

Affected products

2
  • Opexus/eComplaintllm-fuzzy2 versions
    <9.0.45.0+ 1 more
    • (no CPE)range: <9.0.45.0
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.