Description
Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory.
Published: 2026-01-16
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an Absolute Path Traversal flaw in the Police Statistics Database System from Gotac. It permits unauthenticated remote attackers to retrieve arbitrary system paths, exposing sensitive file structure information. This can lead to further exploitation of other weaknesses and compromise confidentiality.

Affected Systems

Gotac Police Statistics Database System. Versions prior to 1.0.3 are affected; the fix is available in version 1.0.3 and later.

Risk and Exploitability

The CVSS base score is 6.9 indicating a medium severity. EPSS is <1%, suggesting low likelihood of exploitation at present. The vulnerability is not listed in KEV, so no known active exploitation. Attackers can exploit it remotely without authentication by supplying a file path that resolves outside the intended directory.

Generated by OpenCVE AI on April 18, 2026 at 05:51 UTC.

Remediation

Vendor Solution

Update to version 1.0.3 or later.

OpenCVE Recommended Actions

  • Update the Police Statistics Database System to version 1.0.3 or newer.
  • Disable external file access that could allow path traversal by tightening configuration.
  • Monitor application logs for anomalous file access patterns.

Generated by OpenCVE AI on April 18, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Gotac police Statistics Database System
CPEs cpe:2.3:a:gotac:police_statistics_database_system:*:*:*:*:*:*:*:*
Vendors & Products Gotac police Statistics Database System

Fri, 16 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Gotac
Gotac statistical Database System
Vendors & Products Gotac
Gotac statistical Database System

Fri, 16 Jan 2026 03:15:00 +0000

Type Values Removed Values Added
Description Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory.
Title Gotac|Police Statistics Database System - Absolute Path Traversal
Weaknesses CWE-36
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Gotac Police Statistics Database System Statistical Database System
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-01-16T14:42:29.836Z

Reserved: 2026-01-16T02:00:23.125Z

Link: CVE-2026-1020

cve-icon Vulnrichment

Updated: 2026-01-16T14:42:26.899Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-16T03:16:18.590

Modified: 2026-01-23T20:25:02.853

Link: CVE-2026-1020

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T06:00:08Z

Weaknesses