Vulnerability Details CVE-2020-11560
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 2.1
References
- http://packetstormsecurity.com/files/173117/NCH-Express-Invoice-7.25-Cleartext-Password.html
- https://tejaspingulkar.blogspot.com/2020/03/cve-cve-2020-11560-title-clear-text.html
- https://www.youtube.com/watch?v=V0BWq33qVCs&feature=youtu.be
- http://packetstormsecurity.com/files/173117/NCH-Express-Invoice-7.25-Cleartext-Password.html
- https://tejaspingulkar.blogspot.com/2020/03/cve-cve-2020-11560-title-clear-text.html
- https://www.youtube.com/watch?v=V0BWq33qVCs&feature=youtu.be
Products affected by CVE-2020-11560
-
cpe:2.3:a:nchsoftware:express_invoice:7.25