Itpison Omicard Edm
7 CVEs affecting Itpison Omicard Edm. Latest disclosed: 2026-06-04. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-32965 | Critical | 9.8 | 2022-08-04 | OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitr… |
CVE-2022-32964 | Critical | 9.8 | 2022-08-04 | OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify… |
CVE-2022-35216 | High | 7.5 | 2022-08-04 | OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authen… |
CVE-2022-32963 | High | 7.5 | 2022-08-04 | OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authent… |
CVE-2023-28700 | Medium | 6.8 | 2023-06-02 | OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator pri… |
CVE-2026-10597 | Medium | 5.3 | 2026-06-04 | OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter… |
CVE-2024-4894 | Medium | 5.3 | 2024-05-15 | ITPison OMICARD EDM fails to properly filter specific URL parameter, allowing unauthenticated remote attackers to modify the parameters and conduct Server-Sid… |