Metrics
Affected Vendors & Products
Mon, 16 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 16 Dec 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | InvoicePlane invoices.php download path traversal | |
Metrics |
cvssV4_0
|
cvssV3_0
|
Mon, 16 Dec 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published: 2024-12-16T10:00:18.068Z
Updated: 2024-12-16T15:54:15.410Z
Reserved: 2024-12-09T09:35:08.715Z
Link: CVE-2024-12362
Updated: 2024-12-16T15:54:10.637Z
Status : Received
Published: 2024-12-16T10:15:05.097
Modified: 2024-12-16T10:15:05.097
Link: CVE-2024-12362
No data.