go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

ITPison OMICARD EDM File Uploading Function - SQL Injection

TVN ID TVN-202312002
CVE ID CVE-2023-48372
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products OMICARD EDM’s file uploading function
Description ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
Solution Update version to v5.9
Credit Vtim(DEVCORE)
Public Date 2023-12-15

Links

  1. CVE-2023-48372
Top