CVE-2024-1346

MEDIUM

LaborOfficeFree <19.10 - Info Disclosure

Title source: llm

Description

Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.

Exploits (1)

nomisec WORKING POC 2 stars

by PeterGabaldon · poc

https://github.com/PeterGabaldon/CVE-2024-1346

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree

Scores

CVSS v3 6.8

EPSS 0.0032

EPSS Percentile 54.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-521

Status published

Products (1)

laborofficefree/laborofficefree 19.10

Published Feb 19, 2024

Tracked Since Feb 18, 2026