2 matches found
CVE-2022-30628 Supersmart.me – Walk Through access to business information without authentication
It was possible to download all receipts without authentication. Must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then you can then access the API that provides invoice images based on the URL...
CVE-2022-30628
The CVE-2022-30628 entry describes an authentication flaw in Supersmart.me where an attacker can download all receipts without proper authentication. Access starts by calling the API at https://XXXX.supersmart.me/services/v4/customer/signin to obtain a TOKEN, then the API at https://XXXX.supersma...