This page aggregates publicly disclosed CVE and security risk information related to laborofficefree, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-1346 | Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants. | [email protected] | 6.8 | 0.32% | 2024-02-19 | 2025-03-24 |
| CVE-2024-1345 | Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password. | [email protected] | 6.8 | 0.03% | 2024-02-19 | 2025-03-24 |
| CVE-2024-1344 | Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\LaborOfficeFree\' directory. This user can log in remotely and has root-like privileges. | [email protected] | 6.8 | 0.06% | 2024-02-19 | 2025-03-24 |
| CVE-2024-1343 | A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree BackUp'. | [email protected] | 4.7 | 0.05% | 2024-02-19 | 2025-03-24 |