← back
CVE-2022-47075

CVE-2022-47075

CVSS 7.5 HIGHEPSS 59.4%◆ VulnCheck KEV
Vexday Risk Score
90Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS 7.5EPSS 59.4%KEV nãoPoC públicaNuclei simMetasploit Patch
Lifecycle
28 Feb 2023Published on NVD
22 Jun 2023Public PoC
Weaponization speed
114 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.