Описание
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.8 (включая) до 6.0 (включая)
cpe:2.3:a:omicard_edm_project:omicard_edm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.0055
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
EPSS
Процентиль: 67%
0.0055
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89