[VULNERABILITY ALERT] Jin Zhun Information | Police Statistics Database System - Contains 2 Critical Security Vulnerabilities (CVE-2026-1019)(CVE-2026-1021)

POSTING DATE: 2026/01/23

Subject: [VULNERABILITY ALERT] Jin Zhun Information | Police Statistics Database System - Contains 2 Critical Security Vulnerabilities (CVE-2026-1019)(CVE-2026-1021)

Content Description:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000017
- [Jin Zhun Information | Police Statistics Database System - Missing Authentication] (CVE-2026-1019, CVSS: 9.8) The Police Statistics Database System contains a Missing Authentication vulnerability. An unauthenticated remote attacker can exploit specific functions to read, modify, and delete database content.
- [Jin Zhun Information | Police Statistics Database System - Arbitrary File Upload] (CVE-2026-1021, CVSS: 9.8) The Police Statistics Database System contains an Arbitrary File Upload vulnerability. An unauthenticated remote attacker can upload and execute web backdoors, thereby executing arbitrary code on the server side.
Affected Platforms:
- Police Statistics Database System version 1.0.2 (inclusive) and earlier
Recommended Actions:
- Update to version 1.0.3 (inclusive) or later
Reference Material:
1. https://www.twcert.org.tw/tw/cp-132-10637-3e4b3-1.html

Computer and Communication Center
Network Systems Division, Respectfully