PT-2020-12694 · Nch · Nch Express Invoice

Published: 2020-04-07 · Updated: 2021-07-21 · CVE-2020-11561

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: NCH Express Invoice version 7.25

Description: The issue allows an authenticated low-privilege user to access higher-privileged functionalities by entering a crafted URL. This can provide access to sensitive features such as the "Add New Item" screen.

Recommendations: For NCH Express Invoice version 7.25, consider restricting access to sensitive features like the "Add New Item" screen until a patch is available. As a temporary workaround, limit the privileges of low-privilege users to prevent them from accessing higher-privileged functionalities.

Related Identifiers: CVE-2020-11561

Affected Products: Nch Express Invoice