Vulnerabilities > CVE-2022-22792 - Unspecified vulnerability in Mobisoft - Mobiplus Project Mobisoft - Mobiplus

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mobisoft-mobiplus-project

NVD

Published: 2022-02-16

Updated: 2022-02-24

Summary

MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users

Vulnerable Configurations

Part	Description	Count
Application	Mobisoft_-_Mobiplus_Project Mobisoft Mobiplus Project Mobisoft Mobiplus -	1

References

https://www.gov.il/en/departments/faq/cve_advisories