CVE-2022-47076
published 2023-02-28

CVE-2022-47076: An issue in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx.

Priority: P3 · 55 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 6.18% (92.6th percentile)

Affected

1 range
Vendor: smartofficepayroll
Product: smartoffice
Version range: <= 20.28
Fixed in: (none listed)

Detection & IOCs (extracted from sources)

path: /DisplayParallelLogData.aspx
path: /ExportEmployeeDetails.aspx?ActionName=ExportEmployeeDetails
path: /ExportEmployeeDetails.aspx?ActionName=ExportEmployeeOtherDetails
path: /ExportReportingManager.aspx
path: /ExportEmployeeLoginDetails.aspx
  • Monitor for unauthenticated HTTP GET requests to /DisplayParallelLogData.aspx, /ExportEmployeeDetails.aspx, /ExportReportingManager.aspx, and /ExportEmployeeLoginDetails.aspx — successful unauthenticated access to any of these endpoints indicates active exploitation of the IDOR vulnerability.
  • Use the Shodan dork 'smart office' (inurl search) to identify exposed Smart Office Web instances on the internet that may be targeted.
  • Alert on HTTP responses returning CSV or log file content (e.g., employee credentials, login details) from the identified .aspx endpoints without a prior authenticated session.
  • Note that even patched versions remain vulnerable via /ExportEmployeeDetails.aspx — continue monitoring this endpoint regardless of reported patch status.
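
The monitoring described in the bullets above can be run over web server logs. The following is an added example, not code from this page or from the vendor; it assumes IIS W3C extended logs with a "#Fields:" header and assumes that an authenticated session carries one of the cookie names in SESSION_COOKIES. The log lines are constructed samples.

```python
# Added example: flag successful cookie-less GETs to the endpoints listed on this page.
# Assumptions: IIS W3C extended log format; SESSION_COOKIES names are guesses to be
# adjusted to the deployment being monitored.
WATCHED = {
    "/displayparallellogdata.aspx",
    "/exportemployeedetails.aspx",   # page notes this one stays exposed after patching
    "/exportreportingmanager.aspx",
    "/exportemployeelogindetails.aspx",
}
SESSION_COOKIES = ("asp.net_sessionid", ".aspxauth")  # assumed cookie names

def find_unauthenticated_hits(lines):
    """Return parsed records for status-200 GETs to WATCHED pages with no session cookie."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]           # header may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                            # malformed or truncated record
        rec = dict(zip(fields, values))
        path = rec.get("cs-uri-stem", "").lower().rstrip("/")
        page = "/" + path.rsplit("/", 1)[-1]    # match the page under any virtual directory
        cookie = rec.get("cs(Cookie)", "-").lower()
        has_session = any(name + "=" in cookie for name in SESSION_COOKIES)
        if (rec.get("cs-method") == "GET" and page in WATCHED
                and rec.get("sc-status") == "200" and not has_session):
            hits.append(rec)
    return hits

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Cookie)
2023-03-01 10:00:01 198.51.100.7 GET /DisplayParallelLogData.aspx - 200 -
2023-03-01 10:00:05 198.51.100.7 GET /ExportEmployeeDetails.aspx ActionName=ExportEmployeeDetails 200 -
2023-03-01 10:01:00 203.0.113.20 GET /ExportReportingManager.aspx - 200 ASP.NET_SessionId=abc123
2023-03-01 10:02:00 198.51.100.7 GET /ExportEmployeeLoginDetails.aspx - 302 -
2023-03-01 10:03:00 203.0.113.20 GET /Default.aspx - 200 -
""".splitlines()

if __name__ == "__main__":
    for r in find_unauthenticated_hits(SAMPLE_LOG):
        print(r["date"], r["time"], r["c-ip"], r["cs-uri-stem"], r["cs-uri-query"])
```

A request carrying a session cookie is treated as authenticated here, so the check only covers the no-cookie case; correlating with application-side session state would be needed to catch stale or forged cookies.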