A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload.

This vulnerability was named CVE-2024-12478. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

It is recommended to upgrade the affected component.
