2 matches found
CVE-2026-42145
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...
CVE-2025-10009
CVE-2025-10009 affects Invoice Ninja (Laravel) up to version 5.11.72. The admin Restore function mishandles uploaded files, enabling an authenticated admin to upload .php files and potentially achieve arbitrary code execution on the server. Impact stated includes full remote code execution with h...