3 matches found
CVE-2024-12478
InvoicePlane 1.x is affected up to 1.6.1 by CVE-2024-12478 due to unrestricted upload via the upload_file function at /index.php/upload/upload_file/1/1. The issue allows remote abuse of the file parameter to upload arbitrary content. A fixed version is 1.6.2-beta-1; upgrading addresses the vulner...
PT-2024-17708 · Unknown · Invoiceplane
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions up to 1.6.1 Description: A vulnerability was found in InvoicePlane, affecting some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely, with...
PT-2024-17570 · Unknown · Invoiceplane
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions up to 1.6.1 Description: A vulnerability was found in InvoicePlane, affecting the function download of the file invoices.php. The manipulation of the invoice argument leads to path traversal. It is possible to initiate t...