CVE-2023-28700 MEDIUM

CVE-2023-28700: ITPison OMICARD EDM - Arbitrary File Upload

Weakness CWE-434 · Unrestricted file upload
Published June 2, 2023
Last update January 8, 2025

CVSS base score

6.8/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The file upload function of the OMICARD EDM backend system does not restrict the upload of files of dangerous types. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files, and so perform arbitrary system commands or disrupt service.

Key dates

02 Disclosure timeline

June 2, 2023 CVE published
January 8, 2025 Record updated
