CVE-2022-47075

HIGH EXPLOITED NUCLEI

Smart Office Web <20.28 - Info Disclosure

Title source: llm

Description

An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.

Exploits (1)

exploitdb WORKING POC

pythonwebappsaspx

https://www.exploit-db.com/exploits/51539

View Code ZIP pw:eip

Nuclei Templates (1)

Smart Office Web 20.28 - Information Disclosure

HIGHVERIFIEDby r3Y3r53

References (4)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html

[Exploit, Third Party Advisory] https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/

[Broken Link] https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/

[Permissions Required] https://youtu.be/D42upepxzwM

Scores

CVSS v3 7.5

EPSS 0.9205

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2025-05-12

Status published

Products (1)

smartofficepayroll/smartoffice < 20.28

Published Feb 28, 2023

Tracked Since Feb 18, 2026