Vulnerability Details CVE-2022-37140
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.6%
CVSS Severity
CVSS v3 Score 8.0
References