Description
Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
Published: 2026-01-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized File Disclosure
Action: Patch
AI Analysis

Impact

The vulnerability is an absolute path traversal flaw in the Gotac Police Statistics Database System that allows a remote, unauthenticated attacker to read any file on the underlying file system. This flaw represents a confidentiality breach, exposing sensitive system information and potentially proprietary or personal data. The weakness is classified as CWE-36: Absolute Path Traversal.

Affected Systems

The affected product is the Gotac Police Statistics Database System. All installations running a version prior to 1.0.3 are vulnerable. The vendor has released version 1.0.3, and that version and later releases contain the fix.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity vulnerability, while the EPSS score of less than 1% suggests a currently low likelihood of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is the exposed web interface or API that allows an unauthenticated attacker to send a crafted request and trigger the traversal. An attacker would require only the ability to send such a request to the system, which is typically sufficient for remote exploitation on systems exposed to the Internet.

Generated by OpenCVE AI on April 18, 2026 at 16:06 UTC.

Remediation

Vendor Solution

Update to version 1.0.3 or later.


OpenCVE Recommended Actions

  • Apply the official update to version 1.0.3 or later.
  • Ensure the application is protected behind a firewall and is only accessible from trusted networks.
  • Restrict file system permissions so that the application can read only the files it needs and cannot access sensitive directories.



Advisories

No advisories yet.

History

Fri, 23 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Gotac police Statistics Database System
CPEs cpe:2.3:a:gotac:police_statistics_database_system:*:*:*:*:*:*:*:*
Vendors & Products Gotac police Statistics Database System

Fri, 16 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Gotac
Gotac statistical Database System
Vendors & Products Gotac
Gotac statistical Database System

Fri, 16 Jan 2026 02:45:00 +0000

Type Values Removed Values Added
Description Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files.
Title Gotac|Police Statistics Database System - Arbitrary File Read
Weaknesses CWE-36
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-01-16T14:48:17.711Z

Reserved: 2026-01-16T02:00:20.527Z

Link: CVE-2026-1018

Vulnrichment

Updated: 2026-01-16T14:48:13.956Z

NVD

Status : Analyzed

Published: 2026-01-16T03:16:18.110

Modified: 2026-01-23T20:29:22.370

Link: CVE-2026-1018

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T16:15:04Z
