CNNVD-202601-1229 Information

CNNVD ID

CNNVD-202601-1229

CVE-2026-0649

  • CNNVD Published: 2026-01-07

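Description (translated from Chinese)

Invoice Ninja is a free invoicing application from the US company Invoice Ninja. Invoice Ninja 5.12.38 and earlier versions contain a code issue vulnerability. It stems from improper handling of the company_logo parameter in the file /app/Jobs/Util/Import.php of the Migration Import component and may lead to server-side request forgery.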

Description (English)

Invoice Ninja is free invoicing software from the US company Invoice Ninja. Invoice Ninja 5.12.38 and earlier versions have a code issue vulnerability caused by mishandling of the company_logo parameter in the file /app/Jobs/Util/Import.php of the Migration Import component, which may result in server-side request forgery (SSRF).

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Invoice Ninja

Published

2026-01-07

Last Modified

2026-02-24

References

  • https://vuldb.com/?id.339720
  • https://vuldb.com/?ctiid.339720
  • https://vuldb.com/?submit.721323
  • https://note-hxlab.wetolink.com/share/fWqEpn5fX4rH
  • https://access.redhat.com/security/cve/cve-2026-0649
