← back
CVE-2024-1346

Weak MySQL database root password in LaborOfficeFree

CVSS 6.8 MEDIUMEPSS 0.4%CWE-521
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Feb 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected products
LaborOfficeFree · LaborOfficeFree

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree