Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Omicard Edm Project Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35216 1 Omicard Edm Project 1 Omicard Edm 2022-10-25 N/A 7.5 HIGH
OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.
CVE-2022-32965 1 Omicard Edm Project 1 Omicard Edm 2022-10-25 N/A 9.8 CRITICAL
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.
CVE-2022-32964 1 Omicard Edm Project 1 Omicard Edm 2022-10-25 N/A 9.8 CRITICAL
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
CVE-2022-32963 1 Omicard Edm Project 1 Omicard Edm 2022-10-25 N/A 7.5 HIGH
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.