CVE-2023-48371
CRITICALITPison OMICARD EDM - Unauthenticated Unrestricted Upload of File with Dangerous Type
Title source: llmDescription
ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
References (1)
Core 1
Core References
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7590-55002-1.html
Scores
CVSS v3
9.8
EPSS
0.0096
EPSS Percentile
57.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
itpison/omicard_edm
6.0.1.5
Published
Dec 15, 2023
Tracked Since
Feb 18, 2026