An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
CPE | Name | Operator | Version |
---|---|---|---|
smartoffice | le | 20.28 |