CVE-2020-11560

HIGH

NCH Express Invoice 7.25 - Insufficiently Protected Credentials via Configuration File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11560. PoCs published by Tejas Pingulkar.

AI-analyzed exploit summary This script exploits CVE-2020-11560 by reading and modifying cleartext credentials stored in NCH Express Invoice's configuration files. It allows password disclosure, account takeover, and privilege escalation by manipulating unprotected files.

Description

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.

Exploits (1)

exploitdb WORKING POC
by Tejas Pingulkar · pythonlocalwindows
https://www.exploit-db.com/exploits/51540

This script exploits CVE-2020-11560 by reading and modifying cleartext credentials stored in NCH Express Invoice's configuration files. It allows password disclosure, account takeover, and privilege escalation by manipulating unprotected files.

Classification
Working Poc 95%
Attack Type
Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: NCH Express Invoice < 8.24
No auth needed
Prerequisites: Local file system access to C:\ProgramData\NCH Software\ExpressInvoice\ · Low-privileged user access
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.8
EPSS 0.0123
EPSS Percentile 64.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (1)
nchsoftware/express_invoice 7.25
Published Apr 07, 2020
Tracked Since Feb 18, 2026