CVE-2023-48372

Name of the Vulnerable Software and Affected Versions ITPison OMICARD EDM (affected versions not specified)

Description The SMS-related function in ITPison OMICARD EDM has insufficient validation for user input, allowing an unauthenticated remote attacker to inject arbitrary SQL commands. This can enable the attacker to access, modify, and delete database data. The vulnerability is related to the lack of protection for the SQL query structure, which can be exploited by a remote attacker to execute arbitrary SQL code and gain read, modify, or delete access to data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.