An issue exists in Smart Office Web 20.28 and previous versions allows malicious users to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smartofficepayroll smartoffice |