Skip to the content.

CVE-2022-24387 - File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010

CVE CVE-2022-24387
Case DIVD-2021-00029
Discovered by
Credits
Products SmarterTools:
  • SmarterTrack
Versions SmarterTools:
  • SmarterTrack
    • 100.0.8019.x (<= Build 8075)
Page author Frank Breedijk
CVSS Base score: 9.1
References
Last modified 20 Jun 2022 09:35

Description

With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010


JSON version