CVE-2025-58462

Summary

OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.

Affected Software

VendorProductVersion RangeStatus
OPEXUSFOIAXpress Public Access Link (PAL)0 < 11.13.1.0affected
OPEXUSFOIAXpress Public Access Link (PAL)11.13.1.0unaffected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References