Insufficient Validation in OMICARD EDM's API Allows SQL Injection Attacks
CVE-2022-32964 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.