vendor:
by:
Tejas Nitin Pingulkar
N/A
CVSS
HIGH
Remote Information Disclosure
CWE
Product Name:
Affected Version From: Smart Office Web 20.28
Affected Version To:
Patch Exists: NO
Related CWE: CVE-2022-47075 and CVE-2022-47076
CPE:
Platforms Tested:
2022
Smart Office Web 20.28 – Remote Information Disclosure (Unauthenticated)
Smart Office Web 20.28 and before allows Remote Information Disclosure(Unauthenticated) via insecure direct object reference (IDOR). This was fixed in latter version except for ExportEmployeeDetails.