CVE-2026-51925 is a Local File Inclusion (LFI) vulnerability in docuForm GmbH Client v.11.11c. This vulnerability allows remote attackers to execute arbitrary code via the dfm-menu_report.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source code, or system files. The vulnerability has a CVSS score of 8.1 and is classified as [truncated]
An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c, allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts. The vulnerability has a CVSS score of 8.1 and is classified as HIGH severity. This IDOR vulnerability is particularly concerning as it could allow [truncated]