SmarterTools SmarterTrack 7922 -Information Disclosure

Advisories

severity: medium
date: January 15, 2026
Affecting: SmarterTools SmarterTrack 10.x, 14.x
CVE: CVE-2020-36926
CWE: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVSS: 6.9
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-50328
SmarterTools Official Homepage
SmarterTrack Product Page
Credit: Andrei Manole
Description: SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.