6 matches found
Smart Office Web 20.28 - Information Disclosure
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx. id: CVE-2022-47075 info: name: Smart Office Web 20.28 - Information Disclosure author:...
CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx...
CVE-2022-47075
creationtimestamp| type| source ---|---|--- 2025-05-14 21:02:22+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lp5vio2usk2s 2025-06-01 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-06-01 2025-06-29 00:00:00+00:00| seen| The Shadowserver...
Smart Office Web 20.28 Information Disclosure / Insecure Direct Object Reference
Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure Unauthenticated Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office" Date: 09/Dec/2022 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://smartofficepayroll.com/ Software...
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure Unauthenticated Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office" Date: 09/Dec/2022 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://smartofficepayroll.com/ Software...
CVE-2022-47075
Smart Office Web 20.28 and earlier versions are affected by CVE-2022-47075 and CVE-2022-47076, both resulting in information disclosure. The impact is unauthenticated data exposure via insecure endpoints: ExportEmployeeDetails.aspx (action parameter) and ExportReportingManager.aspx for CVE-2022-4...