TVN ID: TVN-202601005 CVE ID: CVE-2026-1018, CVE-2026-1019, CVE-2026-1020, CVE-2026-1021 Affected Products: Police Statistics Database System Description: - CVE-2026-1018: Arbitrary File Read vulnerability allowing unauthenticated remote attackers to download arbitrary system files. - CVE-2026-1019: Missing Authentication vulnerability allowing unauthenticated remote attackers to read, modify, and delete database contents. - CVE-2026-1020: Absolute Path Traversal vulnerability allowing unauthenticated remote attackers to enumerate the system file directory. - CVE-2026-1021: Arbitrary File Upload vulnerability allowing unauthenticated remote attackers to upload and execute web shell backdoors. Solution: Update to version 1.0.3 or later. Credit: Linwz(DEVSCORE) Public Date: 2026-01-16