Vulnerabilities > CVE-2023-28700 - Unspecified vulnerability in Itpison Omicard EDM

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

itpison

NVD

Published: 2023-06-02

Updated: 2024-11-21

Summary

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

Vulnerable Configurations

Part	Description	Count
Application	Itpison Itpison Omicard EDM -	1

References

https://www.twcert.org.tw/tw/cp-132-7144-b7536-1.html
https://www.twcert.org.tw/tw/cp-132-7144-b7536-1.html