OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
CPE | Name | Operator | Version |
---|---|---|---|
omicard_edm | ge | 5.8 | |
omicard_edm | le | 6.0 |