Vulnerabilities (CVE)

Filtered by vendor Itpison Subscribe

Filtered by product Omicard Edm

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-48371	1 Itpison	1 Omicard Edm	2023-12-22	N/A	9.8 CRITICAL
ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
CVE-2023-48372	1 Itpison	1 Omicard Edm	2023-12-22	N/A	9.8 CRITICAL
ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.