CVE-2022-47075
Published 2023-02-28
Priority: P1 81 high
CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
ITW exploit · VulnCheck KEV
Exploited in the wild
EPSS: 59.41% (99.0th percentile)
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| smartofficepayroll | smartoffice | <= 20.28 | — |
Detection & IOCs (extracted from sources)
Sigma
HTTP GET to /ExportReportingManager.aspx returning HTTP 200 with content-type application/CSV containing 'EmployeeName' and 'EmployeeCode'
- Detect unauthenticated GET requests to the vulnerable export endpoints: /ExportEmployeeDetails.aspx, /ExportReportingManager.aspx, /ExportEmployeeLoginDetails.aspx, and /DisplayParallelLogData.aspx, especially with ActionName query parameters.
- Flag HTTP responses with Content-Type 'application/CSV' from Smart Office Web endpoints containing the strings 'EmployeeName' and 'EmployeeCode' in the body, which indicate successful sensitive data exfiltration.
- Use the Shodan dork to identify exposed Smart Office Web instances on the internet that may be targeted.
- Monitor for downloads of files named ExportEmployeeDetails.csv, ExportReportingManager.csv, ExportEmployeeLoginDetails.csv, ExportEmployeeOtherDetails.csv, or DisplayParallelLogData.txt from Smart Office Web servers, as these are the output artifacts of successful exploitation.
- Note: CVE-2022-47075 covers ExportEmployeeDetails.aspx and ExportReportingManager.aspx. A related but distinct CVE (CVE-2022-47076) covers additional endpoints including DisplayParallelLogData.aspx and ExportEmployeeLoginDetails.aspx. The exploit script targets both CVEs together.
- Note: The vendor partially patched the vulnerability in versions after 20.28, but ExportEmployeeDetails.aspx remained vulnerable even in later versions according to the researcher.
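The detection bullets above can be turned into a single pass over proxy or WAF logs. The following is an added example written for this page, not a rule shipped by any of the sources listed here: it reads constructed JSON-lines records (the field names `method`, `uri`, `status`, `content_type`, `content_disposition`, `body_prefix`, `authenticated` and `client` are assumptions about what a reverse proxy or WAF could log, not a real product schema) and grades each hit. An unauthenticated GET to one of the export pages that comes back as a 200 `application/CSV` body containing `EmployeeName` and `EmployeeCode` is graded high (data actually left the server); an unauthenticated request that was redirected or denied is graded medium (a probe); an authenticated export is kept at info so that ordinary payroll use can be baselined rather than paged on.

```python
"""Grade Smart Office Web export-endpoint activity (CVE-2022-47075 / CVE-2022-47076)
from proxy or WAF log records. Added example for this page; the record schema is assumed."""
import json
from urllib.parse import parse_qs, urlsplit

# Endpoints and output artifacts named in the advisory text (lower-cased for matching).
EXPORT_ENDPOINTS = {
    "/exportemployeedetails.aspx",
    "/exportreportingmanager.aspx",
    "/exportemployeelogindetails.aspx",
    "/displayparallellogdata.aspx",
}
OUTPUT_ARTIFACTS = {
    "exportemployeedetails.csv",
    "exportreportingmanager.csv",
    "exportemployeelogindetails.csv",
    "exportemployeeotherdetails.csv",
    "displayparallellogdata.txt",
}
BODY_MARKERS = ("EmployeeName", "EmployeeCode")

# Constructed sample log (JSON lines). 'authenticated' stands for whatever session
# evidence the proxy records, e.g. a valid application auth cookie; it is assumed.
SAMPLE_LOG = """
{"client": "203.0.113.10", "method": "GET", "uri": "/ExportReportingManager.aspx?ActionName=Export", "status": 200, "content_type": "application/CSV; charset=utf-8", "content_disposition": "attachment; filename=ExportReportingManager.csv", "body_prefix": "EmployeeCode,EmployeeName,ReportingManager", "authenticated": false}
{"client": "203.0.113.10", "method": "GET", "uri": "/Default.aspx", "status": 200, "content_type": "text/html", "content_disposition": "", "body_prefix": "<!DOCTYPE html>", "authenticated": false}
{"client": "198.51.100.7", "method": "GET", "uri": "/ExportEmployeeDetails.aspx?ActionName=ExportEmployeeDetails", "status": 302, "content_type": "text/html", "content_disposition": "", "body_prefix": "Object moved", "authenticated": false}
{"client": "10.0.5.21", "method": "GET", "uri": "/ExportEmployeeDetails.aspx?ActionName=ExportEmployeeDetails", "status": 200, "content_type": "application/CSV", "content_disposition": "attachment; filename=\\"ExportEmployeeDetails.csv\\"", "body_prefix": "EmployeeCode,EmployeeName,Department", "authenticated": true}
"""


def _disposition_filename(value):
    """Return the filename= token of a Content-Disposition header, or '' if absent."""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.strip().lower() == "filename":
            return val.strip().strip('"')
    return ""


def classify(rec):
    """Grade one log record; returns a finding dict or None when nothing is notable."""
    parts = urlsplit(rec.get("uri", ""))
    if parts.path.lower() not in EXPORT_ENDPOINTS:
        return None  # not one of the export pages named in the advisory

    reasons = []
    unauth = rec.get("method", "").upper() == "GET" and not rec.get("authenticated", False)
    if unauth:
        reasons.append("unauthenticated GET to export endpoint")
        if "actionname" in {k.lower() for k in parse_qs(parts.query)}:
            reasons.append("ActionName parameter present")

    # Content-Type compared without parameters and case-insensitively ('application/CSV').
    ctype = rec.get("content_type", "").split(";")[0].strip().lower()
    disclosed = (
        rec.get("status") == 200
        and ctype == "application/csv"
        and all(marker in rec.get("body_prefix", "") for marker in BODY_MARKERS)
    )
    if disclosed:
        reasons.append("200 CSV response containing EmployeeName and EmployeeCode")

    filename = _disposition_filename(rec.get("content_disposition", ""))
    if filename.lower() in OUTPUT_ARTIFACTS:
        reasons.append(f"download of export artifact {filename}")

    if not reasons:
        return None
    if unauth and disclosed:
        severity = "high"    # employee data left the server without a session
    elif unauth:
        severity = "medium"  # probe that did not receive data (e.g. redirected to login)
    else:
        severity = "info"    # authenticated export: expected use, kept for baselining
    return {"client": rec.get("client"), "path": parts.path, "severity": severity, "reasons": reasons}


def scan(log_text):
    """Run classify() over JSON-lines log text and return the list of findings."""
    findings = []
    for line in log_text.strip().splitlines():
        if line.strip():
            finding = classify(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["severity"].upper(), f["client"], f["path"], "; ".join(f["reasons"]))
```

Only the request path, status, Content-Type and the first bytes of the body are needed, so the same logic fits a Sigma-style proxy rule or a WAF response inspection policy; the `authenticated` field is the one input most deployments will have to derive from their own session cookie or header.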
CVSS provenance
NVD: v3.1 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VulnCheck: 7.5 HIGH
GHSA
GHSA-7gc2-q47v-36w5: An issue was discovered in Smart Office Web 20
ghsa_unreviewed·2023-03-01
VulnCheck
Smart Office Web Action Name Parameter Information Disclosure Vulnerability
vulncheck·2022·CVSS 7.5
Affected: smartofficepayroll smartoffice
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-05-12&host_type=src&vulnerability=cve-2022-47075
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-05-13&host_type=src&vulnerability=cve-2022-47075
- https://dashboard.shad
No detection rules found.
Exploit-DB
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
exploitdb·2023-06-22·CVSS 7.5
---
# Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
# Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office"
# Date: 09/Dec/2022
# Exploit Author: Tejas Nitin Pingulkar (https://cvewalkthrough.com/)
# Vendor Homepage: https://smartofficepayroll.com/
# Software Link: https://smartofficepayroll.com/downloads
# Version: Smart Office Web 20.28 and before
# CVE Number : CVE-2022-47075 and CVE-2022-47076
# CVSS : 7.5 (High)
# Reference : https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
# Vulnerability Description:
# Smart Office Web 20.28 and before allows Remote Information Disclosure(Unauthenticated) via insecure direct object reference
Nuclei
Smart Office Web 20.28 - Information Disclosure
nuclei·CVSS 7.5
Template:
id: CVE-2022-47075
info:
  name: Smart Office Web 20.28 - Information Disclosure
  author: r3Y3r53
  severity: high
  description: |
    An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
  impact: |
    Unauthenticated attackers can download sensitive employee information including personal details, employee codes, and reporting relationships through vulnerable export endpoints in Sm
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/173093/Smart-Office-Web-20.28-Information-Disclosure-Insecure-Direct-Object-Reference.html
- https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
- https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/
- https://youtu.be/D42upepxzwM