13 matches found
VulnCheck KEV: CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx...
Smart Office Web 20.28 Information Disclosure / Insecure Direct Object Reference
Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure Unauthenticated Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office" Date: 09/Dec/2022 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://smartofficepayroll.com/ Software...
CVE-2022-47076
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx...
CVE-2022-47076
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx...
CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx...
CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx...
Design/Logic Flaw
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx...
Design/Logic Flaw
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx...
CVE-2022-47076
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx...
CVE-2022-47076
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx...
CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx...
CVE-2022-47076
CVE-2022-47076 affects Smart Office Web 20.28 and earlier. The issue allows attackers to view sensitive information via the DisplayParallelLogData.aspx page, constituting an information disclosure that impacts confidentiality. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK attack vector, LOW...
CVE-2022-47075
Smart Office Web 20.28 and earlier versions are affected by CVE-2022-47075 and CVE-2022-47076, both resulting in information disclosure. The impact is unauthenticated data exposure via insecure endpoints: ExportEmployeeDetails.aspx (action parameter) and ExportReportingManager.aspx for CVE-2022-4...