Home
Description
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).
References
github.com/InvoicePlane/InvoicePlane
www.helx.io/blog/advisory-invoice-plane/