9 matches found
CVE-2026-34366
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML in the payment Notes...
EUVD-2026-17618
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...
EUVD-2026-17606
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery SSRF vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the estimate Notes field...
InvoiceShelf 代码问题漏洞
InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from uncleaned HTML provided by users in the invoice PDF generation module, which could lead to...
InvoiceShelf 代码问题漏洞
InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from the Estimate PDF generation module, where HTML provided by users was passed to the Dompdf...
InvoiceShelf 代码问题漏洞
InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from uncleaned HTML provided by users in the payment receipt PDF generation module, which could lead...
Metasploit Weekly Wrap-Up 03/14/25
New module content 1 InvoiceShelf unauthenticated PHP Deserialization Vulnerability Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y Type: Exploit Pull request: 19950 contributed by h00die-gr3y Path: linux/http/invoiceshelfunauthrcecve202455556 AttackerKB reference: CVE-2024-55556...
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
InvoiceShelf is an open-source web & mobile app that helps you track expenses, payments, create professional invoices & estimates and is based on the PHP framework Laravel. InvoiceShelf has a Remote Code Execution vulnerability that allows remote unauthenticated attackers to conduct PHP...
InvoiceShelf 1.3.0 Remote Code Execution
This Metasploit module exploits a PHP deserialization vulnerability in InvoiceShelf versions 1.3.0 and below that results in remote code execution. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModul...