CNNVD-202601-2646 Information

CNNVD ID

CNNVD-202601-2646

Related CVE

CVE-2025-67083

• CNNVD Published: 2026-01-15

Description (Chinese)

InvoicePlane是InvoicePlane开源的一个应用软件。提供一个自托管的开源应用程序，用于管理您的报价，发票，客户和付款。 InvoicePlane 1.6.3及之前版本存在安全漏洞，该漏洞源于存在目录遍历缺陷，可能导致读取服务器文件。

Description (English)

InvoicePlane is an open-source application for Invoice Plane. Provides an open source application for managing your offers, invoices, customers and payments. There is a security loophole in the Invoice Plane 1.6.3 and earlier versions, which stems from a catalogue-wide defect that may lead to access to server files.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

InvoicePlane

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/InvoicePlane/InvoicePlane https://www.helx.io/blog/advisory-invoice-plane/ https://access.redhat.com/security/cve/cve-2025-67083

Patch

https://www.invoiceplane.com/downloads