InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data.
InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller.
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A path traversal vulnerability exists in the `get_file` method of the `Guest` module's `Get` control
A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipula
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Exec
A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the ar
The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the s
A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site script
An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the produ
woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthor
An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Lev
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipul
Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Lev
A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestric
A security vulnerability has been detected in Bdtask Flight Booking Software up to 3.1. Affected by this issue is some unknown functionality of the file /admin/transaction/deposit of the component Dep
Page 1+ Next →