2 matches found
CVE-2026-24913
MATCHA INVOICE versions 2.6.6 and earlier are affected by an SQL Injection vulnerability. The flaw allows an authenticated user to obtain or alter data stored in the database through exploitation of unsafely handled input in the application. The description does not specify exact vulnerable compo...
CVE-2026-33273
CVE-2026-33273 affects MATCHA INVOICE, versions 2.6.6 and earlier. The issue is an unrestricted upload vulnerability (CWE-434) that could allow an administrator to create arbitrary files on the server, potentially enabling arbitrary code execution. Public reports in JVN, NVD, CVE records, and thi...