CVE-2025-67083

CVSS 5.3 MEDIUMEPSS 0.6%CWE-22

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Productos afectados

n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/InvoicePlane/InvoicePlane https://www.helx.io/blog/advisory-invoice-plane/