RSS   Vulnerabilities for 'Express accounts'   RSS

2020-12-28
 
CVE-2020-13474

CWE-269
 

 
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.

 
 
CVE-2020-13473

CWE-312
 

 
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.

 

 >>> Vendor: Nchsoftware 7 Products
Meo encryption software
Axon pbx
Express invoice
Express accounts
Ivm attendant
Quorum
Webdictate


Copyright 2024, cxsecurity.com

 

Back to Top