Vulnerability Details CVE-2022-30628
It was possible to download all receipts without authentication. Must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then you can then access the API that provides invoice images based on the URL https://XXXX.supersmart.me/services/v4/invoiceImg?orderId=XXXXX
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.5%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2022-30628
-
cpe:2.3:a:supersmart:supersmart.me_-_walk_through:-