229 matches found
CVE-2025-67083
Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...
CVE-2025-67084
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution RCE...
CVE-2025-67082
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...
CVE-2025-67084
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution RCE...
CVE-2025-67082
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...
CVE-2025-67083
Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...
CVE-2025-67083
Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...
CVE-2025-67083
InvoicePlane before 1.6.3 contains a directory traversal vulnerability that allows unauthenticated attackers to read files from the server. The exact files and types readable depend on server configuration. Affected software is InvoicePlane up to version 1.6.3; the root cause is a directory trave...
CVE-2025-67082
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...
CVE-2025-67083
Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...
CVE-2025-67084
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution RCE...
CVE-2025-67082
The CVE-2025-67082 entry concerns InvoicePlane versions up to 1.6.3. The vulnerability is an SQL injection in the maxQuantity and minQuantity parameters when generating a report, exploitable via error-based SQL injection by an authenticated user. The issue stems from insufficient sanitization of ...
InvoicePlane security vulnerabilities
InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. InvoicePlane versions 1.6.3 and earlier contain security vulnerabilities, which stem from insufficient cleanup of single...
PT-2026-3026
Name of the Vulnerable Software and Affected Versions InvoicePlane versions through 1.6.3 Description An SQL injection issue exists in InvoicePlane. The problem is found in the maxQuantity and minQuantity parameters when generating a report. A user with valid credentials can exploit this by using...
CVE-2025-67082
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...
CVE-2025-67084
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution RCE...
EUVD-2026-2782
Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...
CVE-2025-67084
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution RCE...
EUVD-2026-2785
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution RCE...
PT-2026-3027
Name of the Vulnerable Software and Affected Versions InvoicePlane versions through 1.6.3 Description A directory traversal issue exists in InvoicePlane. This allows unauthenticated attackers to read files from the server. The types of files readable and the extent of access depend on the web...