Vulnerability Details CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.914
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 7.5
References
- http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html
- https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
- https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/
- https://youtu.be/D42upepxzwM
- http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html
- https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
- https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/
- https://youtu.be/D42upepxzwM
Products affected by CVE-2022-47075
-
cpe:2.3:a:smartofficepayroll:smartoffice:*