CVE-2026-29925

Description

Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.

PUBLISHED Reserved 2026-03-04 | Published 2026-03-30 | Updated 2026-03-30 | Assigner mitre

References

github.com/...p/Http/Requests/Setup/CheckDatabaseRequest.php

gist.github.com/TrekLaps/5b2c72106d950dab0cd1897eb93200f1

cve.org (CVE-2026-29925)

nvd.nist.gov (CVE-2026-29925)

Download JSON