CVE-2023-48372 CRITICAL

CVE-2023-48372: ITPison OMICARD EDM 's SMS - SQL Injection

Vendor Itpison

Product OMICARD EDM 's SMS

Weakness CWE-89 · SQLi

Published December 15, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.

Key dates

02Disclosure timeline

December 15, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-48372

Related vulnerabilities

04Related CVE

CVE-2024-13072 1000 Projects Beauty Parlour Management System Customer Detail add-customer-services.php sql injection CVE-2025-8229 Campcodes Courier Management System parcel_list.php sql injection CVE-2026-9474 yashpokharna2555 StudentManagementSystem studentdel.php confirm_logged_in sql injection CVE-2025-10595 SourceCodester Online Student File Management System delete_user.php sql injection CVE-2025-1464 Baiyi Cloud Asset Management System admin.house.collect.php sql injection