CVE-2022-32964
CRITICALOMICARD EDM >=5.8 <6.0 - Unauthenticated SQL Injection via API Function
Title source: llmDescription
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html
Third Party Advisory x_refsource_misc
https://www.chtsecurity.com/news/48032532-b2de-401c-97a8-a2be5691988f
Scores
CVSS v3
9.8
EPSS
0.0117
EPSS Percentile
63.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
omicard_edm_project/omicard_edm
5.8 - 6.0
Published
Aug 04, 2022
Tracked Since
Feb 18, 2026