ITPison OMICARD EDM - Arbitrary File Upload
CVE-2023-32753

9.8CRITICAL

Key Information:

Vendor: Itpison
Status: Contact Itpison
Vendor: CVE Published:; 16 June 2023

What is CVE-2023-32753?

OMICARD EDM contains a file upload flaw that permits unauthenticated attackers to upload unsafe file types. This oversight can lead to the execution of arbitrary code, enabling attackers to execute system commands or disrupt service operations. Ensuring proper validation and restrictions on file uploads is crucial to mitigating this risk.

Affected Version(s)

Contact ITPison 0

References

https://www.twcert.org.tw/en/cp-139-7190-d73c1-2.html

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2023
Vulnerability Reserved
May 15, 2023

CVE-2023-32753 Data

JSON

Itpison

What is CVE-2023-32753?

Affected Version(s)

References

CVSS V3.1

Timeline