CVE-2022-37140

Description

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.

Related CPE's

a techvill paymoney 3.3 *******

References

https://github.com/saitamang/POC-DUMP/tree/main/PayMoney

ExploitThird Party Advisory

https://paymoney.techvill.org

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io