CVE-2020-36926 | THREATINT

Description

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.

PUBLISHED Reserved 2026-01-10 | Published 2026-01-15 | Updated 2026-01-20 | Assigner VulnCheck

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

10.x

affected

14.x

affected

Credits

Andrei Manole finder

References

www.exploit-db.com/exploits/50328 exploit

www.exploit-db.com/exploits/50328 (ExploitDB-50328) exploit

www.smartertools.com/ (SmarterTools Official Homepage) product

www.smartertools.com/smartertrack (SmarterTrack Product Page) product

www.vulncheck.com/...ols-smartertrack-information-disclosure (VulnCheck Advisory: SmarterTools SmarterTrack 7922 -Information Disclosure) third-party-advisory

cve.org (CVE-2020-36926)

nvd.nist.gov (CVE-2020-36926)

Download JSON