229 matches found

NVD
added 2026/01/15 3:15 p.m., 7 views

CVE-2025-67083

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...

5.3 CVSS, 0.00608 EPSS
Exploits: 1, References: 2

NVD
added 2026/01/15 3:15 p.m., 9 views

CVE-2025-67084

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE)...

9.9 CVSS, 0.004 EPSS
Exploits: 1, References: 2

NVD
added 2026/01/15 3:15 p.m., 15 views

CVE-2025-67082

An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...

6.5 CVSS, 0.00271 EPSS
Exploits: 1, References: 2

OSV
added 2026/01/15 3:15 p.m., 3 views

CVE-2025-67084

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE)...

9.9 CVSS, 7.5 AI score
Exploits: 0, References: 2

OSV
added 2026/01/15 3:15 p.m., 2 views

CVE-2025-67082

An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...

6.5 CVSS, 7.9 AI score
Exploits: 0, References: 2

ATTACKERKB
added 2026/01/15 12:00 a.m., 2 views

CVE-2025-67083

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...

5.3 CVSS, 5.5 AI score, 0.00608 EPSS
Exploits: 1, References: 3

Cvelist
added 2026/01/15 12:00 a.m., 24 views

CVE-2025-67083

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...

0.00608 EPSS
Exploits: 1, References: 2

CVE
added 2026/01/15 12:00 a.m., 15 views

CVE-2025-67083

InvoicePlane before 1.6.3 contains a directory traversal vulnerability that allows unauthenticated attackers to read files from the server. The exact files and types readable depend on server configuration. Affected software is InvoicePlane up to version 1.6.3; the root cause is a directory trave...

5.3 CVSS, 6.5 AI score, 0.00608 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/01/15 12:00 a.m., 30 views

CVE-2025-67082

An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...

0.00271 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2026/01/15 12:00 a.m., 3 views

CVE-2025-67083

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...

6.5 AI score, 0.00608 EPSS
Exploits: 1, References: 2

Cvelist
added 2026/01/15 12:00 a.m., 30 views

CVE-2025-67084

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE)...

0.004 EPSS
Exploits: 1, References: 2

CVE
added 2026/01/15 12:00 a.m., 12 views

CVE-2025-67082

The CVE-2025-67082 entry concerns InvoicePlane versions up to 1.6.3. The vulnerability is an SQL injection in the maxQuantity and minQuantity parameters when generating a report, exploitable via error-based SQL injection by an authenticated user. The issue stems from insufficient sanitization of ...

6.5 CVSS, 7.6 AI score, 0.00271 EPSS
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2026/01/15 12:00 a.m., 6 views

InvoicePlane security vulnerabilities

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. InvoicePlane versions 1.6.3 and earlier contain security vulnerabilities, which stem from insufficient cleanup of single...

6.5 CVSS, 5.9 AI score, 0.00271 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2026/01/15 12:00 a.m., 3 views

PT-2026-3026

Name of the Vulnerable Software and Affected Versions: InvoicePlane versions through 1.6.3. Description: An SQL injection issue exists in InvoicePlane. The problem is found in the maxQuantity and minQuantity parameters when generating a report. A user with valid credentials can exploit this by using...

6.5 CVSS, 7.4 AI score, 0.00271 EPSS
Exploits: 1, References: 4

ATTACKERKB
added 2026/01/15 12:00 a.m., 5 views

CVE-2025-67082

An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...

6.5 CVSS, 6 AI score, 0.00271 EPSS
Exploits: 1, References: 3

ATTACKERKB
added 2026/01/15 12:00 a.m., 5 views

CVE-2025-67084

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE)...

9.9 CVSS, 5.9 AI score, 0.004 EPSS
Exploits: 1, References: 3

EUVD
added 2026/01/15 12:00 a.m., 7 views

EUVD-2026-2782

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...

5.3 CVSS, 6.4 AI score, 0.00608 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2026/01/15 12:00 a.m., 4 views

CVE-2025-67084

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE)...

7.1 AI score, 0.004 EPSS
Exploits: 1, References: 2

EUVD
added 2026/01/15 12:00 a.m., 6 views

EUVD-2026-2785

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE)...

6.5 CVSS, 7 AI score, 0.004 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2026/01/15 12:00 a.m., 6 views

PT-2026-3027

Name of the Vulnerable Software and Affected Versions: InvoicePlane versions through 1.6.3. Description: A directory traversal issue exists in InvoicePlane. This allows unauthenticated attackers to read files from the server. The types of files readable and the extent of access depend on the web...

5.3 CVSS, 6.6 AI score, 0.00608 EPSS
Exploits: 1, References: 4