CVE-2022-37140

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.

Date published : 2022-09-13

https://github.com/saitamang/POC-DUMP/tree/main/PayMoney

https://paymoney.techvill.org