Metrics
Affected Vendors & Products
Mon, 16 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Mon, 16 Dec 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | |
Title | InvoicePlane 1 upload_file unrestricted upload | |
Weaknesses | CWE-284 CWE-434 |
References | |
Metrics | cvssV2_0 |
Status: PUBLISHED
Assigner: VulDB
Published: 2024-12-16T10:31:04.893Z
Updated: 2024-12-16T15:19:36.132Z
Reserved: 2024-12-11T12:26:00.808Z
Link: CVE-2024-12478
Updated: 2024-12-16T15:19:31.769Z
Status : Received
Published: 2024-12-16T11:15:04.890
Modified: 2024-12-16T11:15:04.890
Link: CVE-2024-12478