NCH Express CVE 2020-11561 Privilege Escalation
CVE: CVE-2020-11561 Title: Privilege Escalation via Forceful Browsing About NCH express invoice software Express Invoice lets you create invoices you can print, email or fax directly to clients for faster payment. The reporting functionality allows you to keep track of payments, overdue accounts, sales team performance and more. Vulnerability: NCH express invoice software allows to access it over the web. A web interface provides 3 types of user Administrator user viewer The administrator user has access to all modules including "Add New Item" "Add New Customer". User with viewer privileges don't have access to "Add New Item" "Add New Customer" by forceful browsing, we will access admin modules using viewer user privileges Impact: An authenticated low privileged user can access modules which are accessible only to higher privileged user POC: