Описание
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).
EPSS
Процентиль: 12%
0.00041
Низкий
9.9 Critical
CVSS3
Дефекты
CWE-616
Связанные уязвимости
CVSS3: 6.5
github
23 дня назад
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).
EPSS
Процентиль: 12%
0.00041
Низкий
9.9 Critical
CVSS3
Дефекты
CWE-616