Description
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.
References
https://github.com/saitamang/POC-DUMP/tree/main/PayMoney
ExploitThird Party Advisory
Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-09-14T11:15:50.600
2 years agoLast modified
2022-09-16T03:18:08.883
2 years ago