CVE-2024-56975

Critical CVSS: 9.8

InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller.

Vendor

Invoiceplane

Product

Invoiceplane

CWE

CWE-434

Yayın Tarihi

2025-03-28 21:15:17

Güncelleme

2025-04-14 16:50:35

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Invoiceplane CRITICAL Invoiceplane 2025

Referanslar

https://github.com/InvoicePlane/InvoicePlane/pull/1127 https://github.com/InvoicePlane/InvoicePlane/pull/1166

Benzer Kayıtlar

Medium

CVE-2026-25596

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site…

Medium

CVE-2026-26270

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site…

Medium

CVE-2026-26281

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site…

Medium

CVE-2026-24745

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site…

Critical

CVE-2026-25548

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Co…

Medium

CVE-2026-25594

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site…