Gets

**Name of the Vulnerable Software and Affected Versions** invoiceninja versions prior to 5.12.38 **Description** A security issue exists in invoiceninja. The issue involves server-side request forgery (SSRF) stemming from manipulation of the `company logo` argument within the `copy` function of the `/app/Jobs/Util/Import.php` file, part of the Migration Import component. This allows for remote exploitation. The details of the issue have been publicly disclosed. **Recommendations** Update invoiceninja to version 5.12.38 or later.

**Name of the Vulnerable Software and Affected Versions** EmpireSoft EmpireCMS versions up to 8.0 **Description** A security issue exists in EmpireSoft EmpireCMS related to the IP Address Handler component. The issue resides in the `egetip` function within the `e/class/connect.php` file. This flaw results in a failure of protection mechanisms. The attack can be initiated remotely. The exploit for this issue has been published. The vendor was notified but did not respond. **Recommendations** Versions prior to 8.0 should be updated. As a temporary workaround, consider restricting access to the `e/class/connect.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EmpireSoft EmpireCMS versions prior to 8.0 **Description** A flaw exists in EmpireSoft EmpireCMS that allows for unrestricted file uploads. This issue is located in the `CheckSaveTranFiletype` function within the `e/class/connect.php` file. Successful exploitation may occur remotely. The details of the issue have been publicly disclosed. The vendor was informed of this disclosure but did not provide a response. **Recommendations** Update to a version of EmpireSoft EmpireCMS newer than 8.0.