go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

ITPison OMICARD EDM File Uploading Function - Path Traversal

TVN ID TVN-202312003
CVE ID CVE-2023-48373
CVSS 7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products OMICARD EDM’s file uploading function
Description ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
Solution Update version to v5.9
Credit Vtim(DEVCORE)
Public Date 2023-12-15

Links

  1. CVE-2023-48373
Top