CNNVD-202509-3596 Information

CNNVD ID

CNNVD-202509-3596

CVE-2025-10009

  • CNNVD Published: 2025-09-22

Description

Invoice Ninja is an open-source application from Invoice Ninja with invoicing, quoting, project and time-tracking features. Invoice Ninja 5.11.72 and earlier versions contain a security vulnerability: the administrator restore function improperly handles uploaded files, which may lead to arbitrary code execution.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Invoice Ninja

Published

2025-09-22

Last Modified

2026-02-24

References

https://github.com/invoiceninja/invoiceninja/commit/02151b570b226b4584a8e61b06b10be9366da3de

Patch

https://github.com/invoiceninja/invoiceninja/releases
