PT-2026-3026 · Unknown · Invoiceplane

Published: 2026-01-15 · Updated: 2026-01-17 · CVE-2025-67082

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: InvoicePlane versions through 1.6.3

Description: An SQL injection issue exists in InvoicePlane. The problem is found in the maxQuantity and minQuantity parameters when generating a report. A user with valid credentials can exploit this by using error-based SQL injection to retrieve data from the database. This is due to inadequate sanitization of single quotes.

Recommendations: Update InvoicePlane to a version later than 1.6.3.
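
One way to handle the two report parameters so that quote handling never matters, as an added example (not InvoicePlane's code, and written in Python with sqlite3 so it runs offline). The table, columns and function names are hypothetical; only the parameter names minQuantity and maxQuantity come from the advisory.

```python
import sqlite3


def parse_quantity(raw, name):
    """Allow-list check: accept only a plain ASCII non-negative integer."""
    text = str(raw).strip()
    # isascii() excludes Unicode digits that isdigit() would otherwise accept.
    if not (text.isascii() and text.isdigit()) or len(text) > 9:
        raise ValueError(f"{name} must be a non-negative integer")
    return int(text)


def quantity_report(conn, min_quantity, max_quantity):
    """Total quantity per item, limited to the requested range."""
    lo = parse_quantity(min_quantity, "minQuantity")
    hi = parse_quantity(max_quantity, "maxQuantity")
    if lo > hi:
        raise ValueError("minQuantity must not exceed maxQuantity")
    # Placeholders keep the values out of the SQL text, so the statement
    # has the same structure whatever the request contained.
    sql = (
        "SELECT item_name, SUM(quantity) FROM invoice_items "
        "GROUP BY item_name "
        "HAVING SUM(quantity) BETWEEN ? AND ? "
        "ORDER BY item_name"
    )
    return conn.execute(sql, (lo, hi)).fetchall()


def build_sample_db():
    """Constructed sample data for the demonstration (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoice_items (item_name TEXT, quantity INTEGER)")
    conn.executemany(
        "INSERT INTO invoice_items VALUES (?, ?)",
        [("Widget", 3), ("Widget", 4), ("Cable", 1), ("Hosting", 12)],
    )
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print(quantity_report(db, "2", "10"))
    try:
        quantity_report(db, "2", "10'")  # stray quote is rejected before any SQL runs
    except ValueError as exc:
        print("rejected:", exc)
```

Validation and parameter binding are independent layers: either one alone stops a quote in these fields from reaching the SQL parser, and keeping both covers a later code path that forgets one of them.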

Exploit

Fix

SQL injection


Weakness Enumeration

Related identifiers

CVE-2025-67082

Affected products

Invoiceplane