A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload.
This vulnerability was named CVE-2024-12478. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
It is recommended to upgrade the affected component.