CVE 9.3 CRITICAL

Gotac｜Police Statistics Database System – Arbitrary File Upload_CVE-2026-1021

January 15, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AI Analysis

Arbitrary File Upload vulnerability allowing unauthenticated remote attackers to upload and execute web shell backdoors

Basic Information

ID CVE-2026-1021

Source twcert

Published Jan 16, 2026 at 03:08

Affected Product

Vendor Gotac

Product Police Statistics Database System

Affected Versions Gotac Police Statistics Database System 0

CWE Classification

CWE-434

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Gotac

Product Police Statistics Database System

References

{
    "lastseen": "",
    "description": "Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2026-01-16T03:08:42.422Z",
    "modified": "2026-01-16T03:08:42.422Z",
    "type": "cve",
    "title": "Gotac\uff5cPolice Statistics Database System - Arbitrary File Upload",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10637-3e4b3-1.html\nhttps://www.twcert.org.tw/en/cp-139-10638-0e44b-2.html",
    "id": "CVE-2026-1021",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Gotac Police Statistics Database System 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Police Statistics Database System",
    "version": "0",
    "vendor": "Gotac",
    "ai_description": "Arbitrary File Upload vulnerability allowing unauthenticated remote attackers to upload and execute web shell backdoors",
    "ai_severity": "Critical",
    "ai_vendor": "Gotac",
    "ai_product": "Police Statistics Database System",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply