EPSS
Percentile
91.0%
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html
cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/
youtu.be/D42upepxzwM