PT-2026-3147 · Smartertools · Smartertools Smartertrack+1

Andrei Manole

Publicado

2026-01-15

Atualizado

2026-02-09

CVE-2020-36926

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SmarterTrack version 7922

Description The software contains an information disclosure issue in the Chat Management search form. This allows unauthorized access to agent identification details, specifically agents' first and last names and their unique identifiers. Attackers can exploit this by accessing the /Management/Chat/frmChatSearch.aspx endpoint. The vulnerable parameter is not explicitly mentioned.

Recommendations Apply a fix to address the information disclosure in the Chat Management search form. Restrict access to the /Management/Chat/frmChatSearch.aspx endpoint.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-497

Identificadores relacionados

CVE-2020-36926

Produtos afetados

Smartertools Smartertrack

Smartertrack

PT-2026-3147 · Smartertools · Smartertools Smartertrack+1

CVE-2020-36926

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7