An issue was discovered in Smart Office Web 20.28 and...
High severity
Unreviewed
Published
Mar 1, 2023
to the GitHub Advisory Database
•
Updated Jul 1, 2023
Description
Published by the National Vulnerability Database
Feb 28, 2023
Published to the GitHub Advisory Database
Mar 1, 2023
Last updated
Jul 1, 2023
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
References