ITPison OMICARD EDM 's SMS - SQL Injection
CVE-2023-48372

9.8CRITICAL

Key Information:

Vendor: ITPison
Status: OMICARD EDM 's SMS
Vendor: CVE Published:; 15 December 2023

What is CVE-2023-48372?

The ITPison OMICARD EDM system contains a vulnerability in its SMS-related functionality due to inadequate validation of user input. This flaw allows unauthenticated remote attackers to inject arbitrary SQL commands. By manipulating the input, attackers can gain unauthorized access to the database, leading to potential data exposure, modification, or deletion, posing significant risks to data integrity and security.

Affected Version(s)

OMICARD EDM 's SMS v6.0.1.5

References

https://www.twcert.org.tw/tw/cp-132-7591-07c51-1.html

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2023
Vulnerability Reserved
Nov 16, 2023

CVE-2023-48372 Data

JSON