Insufficient Validation in OMICARD EDM's API Allows SQL Injection Attacks

CVE-2022-32964 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.