CVE-2022-22792

Summary

MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users

Affected Software

VendorProductVersion RangeStatus
MobiSofteharmonyMobiPlus <= 1.0affected

Weaknesses

  • CWE-233: CWE-233 Improper Handling of url Parameters

ADP Enrichment

CVE Program Container

Additional References

References