Metrics
Affected Vendors & Products
Wed, 15 Oct 2025 17:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:2.3:a:invoiceplane:invoiceplane:*:*:*:*:*:*:*:* | |
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss | epss |
Mon, 16 Dec 2024 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc | |
Mon, 16 Dec 2024 16:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Title | InvoicePlane invoices.php download path traversal | |
| Metrics | cvssV4_0 | cvssV3_0 |
Mon, 16 Dec 2024 10:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | |
| Weaknesses | CWE-22 | |
| References |  | |
| Metrics | cvssV2_0 | |
MITRE
Status: PUBLISHED
Assigner: VulDB
Published: 2024-12-16T10:00:18.068Z
Updated: 2024-12-16T15:54:15.410Z
Reserved: 2024-12-09T09:35:08.715Z
Link: CVE-2024-12362

Vulnrichment
Updated: 2024-12-16T15:54:10.637Z

NVD
Status: Analyzed
Published: 2024-12-16T10:15:05.097
Modified: 2025-10-15T17:42:53.433
Link: CVE-2024-12362

Redhat
No data.