Main Vulnerability Database Exploits ID:10651 - Exploit for Insufficiently protected credentials in Express Invoice - CVE-2020-11560

ID:10651 - Exploit for Insufficiently protected credentials in Express Invoice - CVE-2020-11560

Published: October 25, 2024

Vulnerability identifier: #VU34530

Vulnerability risk: Low

CVE-ID: CVE-2020-11560

CWE-ID: CWE-522

Exploitation vector: Local access

Vulnerable software:
Express Invoice

Link to public exploit:

The vulnerability allows a local authenticated user to execute arbitrary code.

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.

Install update from vendor's website.