Ioannis Giannakopoulos

3 exploits Active since Mar 2025
CVE-2025-26137 WRITEUP HIGH WRITEUP
Systemic Risk Value <= 2.8.0 - Unauthenticated Local File Inclusion via GetFile.aspx ReportUrl Parameter
Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensitive information.
CVSS 7.5
CVE-2025-26138 WRITEUP MEDIUM WRITEUP
Systemic Risk Value <= 2.8.0 - Unauthenticated Improper Access Control via Predictable File ID Parameter
Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the ID to access and download files they do not have permission to view.
CVSS 6.5
CVE-2025-52395 WRITEUP CRITICAL WRITEUP
Roadcute API v.1 - Unauthenticated Remote Code Execution via Password Reset Endpoint
An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the application exposing a password reset API endpoint that fails to validate the identity of the requester properly
CVSS 9.8