PT-2026-29095 · Unknown · Invoice Ninja
Treklaps
Published: 2026-03-30 · Updated: 2026-03-30
CVE-2026-29925
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Invoice Ninja versions 5.12.46 and 5.12.48
Description
Invoice Ninja versions 5.12.46 and 5.12.48 are susceptible to a Server-Side Request Forgery (SSRF) condition. This issue is located in the CheckDatabaseRequest.php file. SSRF occurs when an application makes requests to unintended locations, potentially exposing sensitive data or allowing unauthorized actions.
Recommendations
Update Invoice Ninja to a version newer than 5.12.48.
Update Invoice Ninja to a version newer than 5.12.46.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Invoice Ninja