CNNVD-202601-2647 Information
CNNVD ID
CNNVD-202601-2647
Related CVE
- CNNVD Published: 2026-01-15
Description (Chinese)
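InvoicePlane is an application from the InvoicePlane open-source project. It provides a self-hosted, open-source application for managing your quotes, invoices, clients and payments. InvoicePlane 1.6.3 and earlier versions contain a security vulnerability caused by insufficient sanitization of single quotes in the maxQuantity and minQuantity parameters, which may lead to SQL injection attacks.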
Description (English)
InvoicePlane is an open-source application from the InvoicePlane project. It provides an open-source application for managing your quotes, invoices, clients and payments. InvoicePlane 1.6.3 and earlier versions contain a security vulnerability that stems from insufficient sanitization of single quotes in the maxQuantity and minQuantity parameters, which could lead to SQL injection.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
InvoicePlane
Published
2026-01-15
Last Modified
2026-02-24
References
https://github.com/InvoicePlane/InvoicePlane
https://www.helx.io/blog/advisory-invoice-plane/
https://access.redhat.com/security/cve/cve-2025-67082
Patch
https://www.invoiceplane.com/downloads