Описание
OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
6.8 Medium
CVSS3
Дефекты
Связанные уязвимости
OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
Уязвимость функции загрузки файлов программного обеспечения OMICARD EDM ITPison, позволяющая нарушителю загружать произвольные файлы
EPSS
6.8 Medium
CVSS3