An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.
https://cvewalkthrough.com/smart-office-suite-unauthenticated-data-ex/
https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/