← volver
CVE-2025-67084

CVE-2025-67084

CVSS 9.9 CRITICALEPSS 0.4%CWE-616
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/InvoicePlane/InvoicePlanehttps://www.helx.io/blog/advisory-invoice-plane/