CVE-2022-32964

CRITICAL

OMICARD EDM >=5.8 <6.0 - Unauthenticated SQL Injection via API Function

Title source: llm
STIX 2.1

Description

OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-6372-f61bc-1.html

Scores

CVSS v3 9.8
EPSS 0.0117
EPSS Percentile 63.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
omicard_edm_project/omicard_edm 5.8 - 6.0
Published Aug 04, 2022
Tracked Since Feb 18, 2026