Invoiceplane
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:invoiceplane:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Invoiceplane (b9f10aff-cecf-5bb7-b817-d4c86fceb571) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-12667 |
vulnerable | 2026-06-08 06:25:35.872459 |
InvoicePlane view session expiration
LOW (3.7)
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2024-12-16T20:00:14.643Z
Updated: 2024-12-17T14:32:41.580Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12478 |
vulnerable | 2026-06-08 06:25:35.336881 |
InvoicePlane 1 upload_file unrestricted upload
MEDIUM (6.3)
A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2024-12-16T10:31:04.893Z
Updated: 2024-12-16T15:19:36.132Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12362 |
vulnerable | 2026-06-08 06:23:51.783709 |
InvoicePlane invoices.php download path traversal
MEDIUM (4.3)
A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Published: 2024-12-16T10:00:18.068Z
Updated: 2024-12-16T15:54:15.410Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.