DVS Avilys < 3.5.58 - Unauthenticated Sensitive Information Exposure via Reporting Module
The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.