A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal.
This vulnerability is uniquely identified as CVE-2024-12362. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
It is recommended to upgrade the affected component.
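For code that serves files by a user-supplied name, as the download function does with its invoice argument, the following containment check is an added example and not InvoicePlane's code or its actual fix. The function name resolve_invoice_path, the archive directory layout and the sample files are assumptions constructed for illustration.

```php
<?php
// Added example with hypothetical names; not taken from InvoicePlane.

/**
 * Resolve a user-supplied invoice file name inside $archiveDir.
 * Returns the canonical path, or null if the name is invalid or escapes the directory.
 */
function resolve_invoice_path(string $archiveDir, string $invoice): ?string
{
    $base = realpath($archiveDir);
    if ($base === false) {
        return null;
    }
    // Decode once, as a router would, then reject NUL bytes and path
    // separators outright: an invoice name is a single file name.
    $name = rawurldecode($invoice);
    if ($name === '' || strpos($name, "\0") !== false || strpbrk($name, "/\\") !== false) {
        return null;
    }
    // realpath() collapses ".." and follows symlinks; false means no such file.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Compare canonical paths with a trailing separator, so a sibling such as
    // "archive-old" cannot pass as being inside "archive".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sample layout: one archived PDF and one file outside the archive.
$root = sys_get_temp_dir() . '/ip_demo_' . bin2hex(random_bytes(4));
mkdir("$root/archive", 0700, true);
file_put_contents("$root/archive/Invoice_1.pdf", '%PDF-1.4 constructed');
file_put_contents("$root/secret.cfg", 'constructed secret');

// Constructed inputs: one legitimate name, encoded and plain traversal, a missing file.
$inputs = ['Invoice_1.pdf', '../secret.cfg', '..%2Fsecret.cfg', '%2e%2e%2fsecret.cfg', 'missing.pdf'];
foreach ($inputs as $in) {
    $p = resolve_invoice_path("$root/archive", $in);
    printf("%-22s => %s\n", $in, $p === null ? 'rejected' : 'served ' . basename($p));
}
```

Only the first input resolves to a file. A handler built on this check would return a 404 for a null result and pass the returned canonical path, not the raw argument, to the file read.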