Description

Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files.

State: PUBLISHED | Reserved 2025-09-05 | Published 2025-09-22 | Updated 2025-09-22 | Assigner NCSC-FI

Severity: HIGH 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status: unaffected

5.11.41 (custom): affected

5.11.73 (custom): unaffected

Credits

lassi finder

References

github.com/...ommit/02151b570b226b4584a8e61b06b10be9366da3de

cve.org (CVE-2025-10009)

nvd.nist.gov (CVE-2025-10009)