NCH Express CVE 2020-11561 Privilege Escalation

CVE: CVE-2020-11561
Title: Privilege Escalation via Forceful Browsing


About NCH express invoice software

Express Invoice lets you create invoices you can print, email or fax directly to clients for faster payment. The reporting functionality allows you to keep track of payments, overdue accounts, sales team performance and more.



Vulnerability: 
NCH express invoice software allows to access it over the web. 
A web interface provides 3 types of user
Administrator 
user
viewer 

The administrator user has access to all modules including "Add New Item" "Add New Customer".
User with viewer privileges don't have access to "Add New Item" "Add New Customer"
by forceful browsing, we will access admin modules using viewer user privileges 


Impact: An authenticated low privileged user can access modules which are accessible only to higher privileged user 


POC:




Comments

Popular posts from this blog

CVE-2020-13474: NCH Express Accounts- Privilege Escalation

CVE-2020-23446 Verint Workforce Optimization (WFO)

CVE-2020-13475: NCH accounts-Cross Site Scripting