PT-2023-3469 · Unknown · Omicard Edm+1

曾國韋 · Published 2023-05-30 · Updated 2023-06-09 · CVE-2023-28700

CVSS v2.0: 7.7 High (AV:A/AC:L/Au:S/C:C/I:C/A:C)

Name of the Vulnerable Software and Affected Versions

OMICARD EDM ITPison (affected versions not specified)
OMICARD EDM (affected versions not specified)

Description

The file upload function in the OMICARD EDM backend system does not restrict the upload of files with dangerous types. An attacker, potentially remotely or with administrator privileges on a local area network, can exploit this to upload and run arbitrary executable files. Successful exploitation could allow the attacker to execute arbitrary system commands or disrupt the service.

Recommendations

For OMICARD EDM ITPison, there is currently no information about a newer version that contains a fix for this vulnerability. For OMICARD EDM, consider restricting access to the file upload function until a patch is available, and ensure that only authorized personnel with the necessary privileges can upload files, to minimize the risk of exploitation.

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2023-03655
CVE-2023-28700

Affected Products

Omicard Edm
Itpison Omicard Edm