CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
CVE | CVE-2022-24387 |
Case | DIVD-2021-00029 |
Discovered by | |
Credits |
|
Products |
SmarterTools:
|
Versions |
SmarterTools:
|
Page author | Frank Breedijk |
CVSS | Base score: 9.1 |
References | |
Last modified | 20 Jun 2022 09:35 |
Description
With administrator or admin privileges, the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010.