CNNVD-202601-2645 Information

CNNVD ID

CNNVD-202601-2645

Related CVE

CVE-2025-67084

• CNNVD Published: 2026-01-15

Description (Chinese)

InvoicePlane是InvoicePlane开源的一个应用软件。提供一个自托管的开源应用程序，用于管理您的报价，发票，客户和付款。 InvoicePlane 1.6.3及之前版本存在安全漏洞，该漏洞源于文件上传功能存在缺陷，可能导致远程代码执行。

Description (English)

InvoicePlane is an open-source application for Invoice Plane. Provides an open source application for managing your offers, invoices, customers and payments. There is a security loophole in the Invoice Plane 1.6.3 and earlier versions, which stems from deficiencies in document upload functionality, which may lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

InvoicePlane

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/InvoicePlane/InvoicePlane https://www.helx.io/blog/advisory-invoice-plane/ https://access.redhat.com/security/cve/cve-2025-67084

Patch

https://www.invoiceplane.com/downloads