CVE-2022-30628
4.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
It was possible to download all receipts without authentication. Must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. Then you can then access the API that provides invoice images based on the URL https://XXXX.supersmart.me/services/v4/invoiceImg?orderId=XXXXX
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Supersmart.me | Supersmart.me – Walk Through | Update to the latest version < Update to the latest version* | affected |
Weaknesses
- access to business information without authentication
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.