CVE-2020-13474

MEDIUM

NCH Express Accounts <8.24 - Privilege Escalation

Title source: llm
STIX 2.1

Description

In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0026
EPSS Percentile 49.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-425
Status published
Products (1)
nchsoftware/express_accounts < 8.24
Published Dec 28, 2020
Tracked Since Feb 18, 2026