Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Omicard Edm Security Vulnerabilities

cve
cve

CVE-2023-28700

OMICARD EDM backend systemโ€™s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

6.8CVSS

6.7AI Score

0.0004EPSS

2023-06-02 11:15 AM
14
cve
cve

CVE-2023-32753

OMICARD EDMโ€™s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

9.8CVSS

9.6AI Score

0.003EPSS

2023-06-16 04:15 AM
15
cve
cve

CVE-2023-48371

ITPison OMICARD EDMโ€™s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

9.8CVSS

9.6AI Score

0.003EPSS

2023-12-15 04:15 AM
10
cve
cve

CVE-2023-48372

ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.

9.8CVSS

9.7AI Score

0.002EPSS

2023-12-15 05:15 AM
13
cve
cve

CVE-2023-48373

ITPison OMICARD EDM has a path traversal vulnerability within its parameter โ€œFileNameโ€ in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

7.5CVSS

7.8AI Score

0.001EPSS

2023-12-15 05:15 AM
20