Vulnerability Description
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smartofficepayroll | Smartoffice | <= 20.28 |
References
- http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-D
- https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/ExploitThird Party Advisory
- https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/Broken Link
- https://youtu.be/D42upepxzwMPermissions Required
- http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-D
- https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/ExploitThird Party Advisory
- https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/Broken Link
- https://youtu.be/D42upepxzwMPermissions Required
FAQ
What is CVE-2022-47075?
CVE-2022-47075 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingMana...
How severe is CVE-2022-47075?
CVE-2022-47075 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-47075?
Check the references section above for vendor advisories and patch information. Affected products include: Smartofficepayroll Smartoffice.