MidnightBSD

Advisories for descor

CVE-2018-13789 MEDIUM

An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-294,CWE-522,

Products Affected

Vendor Product Version
descor infocad_fm *
CVE-2025-26852

DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
descor infocad *
CVE-2025-26853

DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
descor infocad *