CVE-2022-22792
6.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Summary
MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MobiSoft | eharmony | MobiPlus <= 1.0 | affected |
Weaknesses
- CWE-233: CWE-233 Improper Handling of url Parameters
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.