CVE-2022-47075

Опубликовано: 28 фев. 2023

Источник: nvd

CVSS3: 7.5

EPSS Критический

Описание

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.

Ссылки

http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html
https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
Exploit
Third Party Advisory
https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/
Broken Link
https://youtu.be/D42upepxzwM
Permissions Required
http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html
https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
Exploit
Third Party Advisory
https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/
Broken Link
https://youtu.be/D42upepxzwM
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:smartofficepayroll:smartoffice:*:*:*:*:web:*:*:*

Версия до 20.28 (включая)

EPSS

Процентиль: 100%

0.92526

Критический

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7gc2-q47v-36w5