CVE-2022-32964

ITPison OMICARD EDM - SQL Injection

CVSS 9.8 CRITICALEPSS 1.1%CWE-89

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.8EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

04 Aug 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

ITPison · OMICARD EDM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html