Описание
InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller.
Ссылки
- Issue TrackingPatch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.2 (исключая)
cpe:2.3:a:invoiceplane:invoiceplane:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02284
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
11 месяцев назад
InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller.
EPSS
Процентиль: 84%
0.02284
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434