Metrics
Affected Vendors & Products
Wed, 15 Oct 2025 18:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:2.3:a:invoiceplane:invoiceplane:*:*:*:*:*:*:*:* | 
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss | epss |
Mon, 16 Dec 2024 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc |
Mon, 16 Dec 2024 10:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | |
| Title | InvoicePlane 1 upload_file unrestricted upload | |
| Weaknesses | CWE-284 CWE-434 | |
| References |  | |
| Metrics | cvssV2_0 |
MITRE
Status: PUBLISHED
Assigner: VulDB
Published: 2024-12-16T10:31:04.893Z
Updated: 2024-12-16T15:19:36.132Z
Reserved: 2024-12-11T12:26:00.808Z
Link: CVE-2024-12478
Vulnrichment
Updated: 2024-12-16T15:19:31.769Z
NVD
Status: Analyzed
Published: 2024-12-16T11:15:04.890
Modified: 2025-10-15T17:46:52.227
Link: CVE-2024-12478
Redhat
No data.