Browse all 4 CVE security advisories affecting LaborOfficeFree . AI-powered Chinese analysis, POCs, and references for each vulnerability.
LaborOfficeFree is an open-source human resources management system designed for small to medium-sized organizations to handle employee data, payroll, and administrative tasks. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. The application's security posture has been compromised through insufficient input validation and improper access controls, leading to potential unauthorized system access and data breaches. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing security challenges that require diligent patch management and secure configuration practices.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-1346 | Weak MySQL database root password in LaborOfficeFree — LaborOfficeFree CWE-521 | 6.8 | Medium | 2024-02-19 |
| CVE-2024-1345 | Weak MySQL database root password in LaborOfficeFree — LaborOfficeFree CWE-521 | 6.8 | Medium | 2024-02-19 |
| CVE-2024-1344 | Encrypted database credentials in LaborOfficeFree — LaborOfficeFree CWE-798 | 6.8 | Medium | 2024-02-19 |
| CVE-2024-1343 | Weak permission vulnerability in LaborOfficeFree — LaborOfficeFree CWE-284 | 4.7 | Medium | 2024-02-19 |
This page lists every published CVE security advisory associated with LaborOfficeFree . Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.