Vulnerabilities > CVE-2022-22792 - Unspecified vulnerability in Mobisoft - Mobiplus Project Mobisoft - Mobiplus

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mobisoft-mobiplus-project

Summary

MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users

Vulnerable Configurations

Part Description Count
Application
Mobisoft_-_Mobiplus_Project
1