exploitDog

CVE-2025-10009

Опубликовано: 22 сент. 2025

Источник: nvd

EPSS Низкий

Описание

Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files.

Ссылки

https://github.com/invoiceninja/invoiceninja/commit/02151b570b226b4584a8e61b06b10be9366da3de

EPSS

Процентиль: 32%

0.00124

Низкий

Дефекты

CWE-434

Связанные уязвимости

GHSA-xg84-5464-2qqq

github

5 месяцев назад

Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files.

EPSS

Процентиль: 32%

0.00124

Низкий

Дефекты

CWE-434