TCS BaNCS 10 JSP FilePath Inclusion (CVE-2025-0202)
CVE-2025-0202 Published on January 4, 2025
TCS BaNCS REPORTS_SHOW_FILE.jsp file inclusion
A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTS_SHOW_FILE.jsp. The manipulation of the argument FilePath leads to file inclusion. The real existence of this vulnerability is still doubted at the moment.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update 19 days later.
Weakness Type
External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.
Affected Versions
TCS BaNCS Version 10 is affected by CVE-2025-0202Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.