
31 matches found

CVE
added 12 hours ago | 6 views

CVE-2026-10597

Affected product/vendor: OMICARD EDM — ITPison. Vulnerability: Insecure Direct Object Reference (IDOR) that allows unauthenticated remote attackers to modify a specific parameter to obtain a user’s email address. Impact (as described): Unauthorized disclosure of user email information due to IDOR...

6.9 CVSS | 5.8 AI score
Exploits: 0 | References: 2

EUVD
added 12 hours ago | 4 views

EUVD-2026-34196

OMICARD EDM, developed by ITPison, has an Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain a user's email address...

6.9 CVSS | 5.8 AI score
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-44462

Malicious code in bioql PyPI...

5.3 CVSS | 6.6 AI score | 0.00225 EPSS
Exploits: 0 | References: 2

NVD
added 2024/05/15 3:15 a.m. | 7 views

CVE-2024-4894

ITPison OMICARD EDM fails to properly filter a specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information...

5.3 CVSS | 5.4 AI score | 0.00225 EPSS
Exploits: 0 | References: 2

CVE
added 2024/05/15 2:53 a.m. | 18 views

CVE-2024-4894

The CVE-2024-4894 entry concerns ITPison OMICARD EDM and describes an SSRF flaw caused by improper filtering of specific URL parameters. Unauthenticated remote attackers can modify parameters to trigger Server-Side Request Forgery, enabling probing of internal network information. Connected sourc...

5.3 CVSS | 7 AI score | 0.00225 EPSS
Exploits: 0 | References: 2

Cvelist
added 2024/05/15 2:53 a.m. | 7 views

CVE-2024-4894 ITPison OMICARD EDM - Server-Side Request Forgery

ITPison OMICARD EDM fails to properly filter a specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information...

5.3 CVSS | 5.7 AI score | 0.00225 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/05/15 2:53 a.m. | 12 views

CVE-2024-4894 ITPison OMICARD EDM - Server-Side Request Forgery

ITPison OMICARD EDM fails to properly filter a specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability enables attackers to probe internal network information...

5.3 CVSS | 7.1 AI score | 0.00225 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/05/15 12:0 a.m. | 2 views

ITPison OMICARD EDM code issue vulnerability

ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from China-based ITPison. A code issue vulnerability exists in ITPison OMICARD EDM versions prior to v6.0 that stems from the inability to properly filter specific URL parameters, which allows an unauthenticated,...

5.3 CVSS | 7.1 AI score | 0.00225 EPSS
Exploits: 0 | References: 3

NVD
added 2023/12/15 5:15 a.m. | 9 views

CVE-2023-48373

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

7.5 CVSS | 0.00102 EPSS
Exploits: 0 | References: 1

NVD
added 2023/12/15 5:15 a.m. | 6 views

CVE-2023-48372

ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...

9.8 CVSS | 0.00674 EPSS
Exploits: 0 | References: 1

OSV
added 2023/12/15 5:15 a.m. | 2 views

CVE-2023-48372

ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...

9.8 CVSS | 6 AI score
Exploits: 0 | References: 1

Prion
added 2023/12/15 5:15 a.m. | 16 views

Path traversal

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

5 CVSS | 7.7 AI score | 0.00102 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/12/15 4:27 a.m. | 9 views

CVE-2023-48373 ITPison OMICARD EDM's SMS - Path Traversal

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

7.5 CVSS | 7.8 AI score | 0.00102 EPSS
Exploits: 0 | References: 1

Cvelist
added 2023/12/15 4:27 a.m. | 10 views

CVE-2023-48373 ITPison OMICARD EDM's SMS - Path Traversal

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

7.5 CVSS | 8 AI score | 0.00102 EPSS
Exploits: 0 | References: 1

CVE
added 2023/12/15 4:27 a.m. | 46 views

CVE-2023-48373

CVE-2023-48373 concerns ITPison OMICARD EDM, where a path traversal flaw exists in the FileName parameter of a specific function. An unauthenticated remote attacker can exploit this to bypass authentication and download arbitrary system files. Public records tie this to ITPison OMICARD EDM v6.0.1...

7.5 CVSS | 7.8 AI score | 0.00102 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/12/15 4:18 a.m. | 11 views

CVE-2023-48372 ITPison OMICARD EDM's SMS - SQL Injection

ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...

9.8 CVSS | 10 AI score | 0.00674 EPSS
Exploits: 0 | References: 1

CVE
added 2023/12/15 4:18 a.m. | 32 views

CVE-2023-48372

The CVE-2023-48372 entry pertains to ITPison OMICARD EDM. The SMS-related function has insufficient input validation, enabling an unauthenticated remote attacker to inject arbitrary SQL commands to access, modify, and delete database data. This is described across multiple connected records (NVD/...

9.8 CVSS | 9.9 AI score | 0.00674 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/12/15 4:15 a.m. | 0 views

CVE-2023-48371

ITPison OMICARD EDM’s file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

9.8 CVSS | 6 AI score
Exploits: 0 | References: 1

NVD
added 2023/12/15 4:15 a.m. | 8 views

CVE-2023-48371

ITPison OMICARD EDM’s file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

9.8 CVSS | 0.0061 EPSS
Exploits: 0 | References: 1

Prion
added 2023/12/15 4:15 a.m. | 11 views

Design/Logic Flaw

ITPison OMICARD EDM’s file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

7.5 CVSS | 7.8 AI score | 0.0061 EPSS
Exploits: 0 | References: 1 | Affected Software: 1