CVE-2022-37140 Information

Description

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.

Reference

https://github.com/saitamang/POC-DUMP/tree/main/PayMoney https://paymoney.techvill.org