PT-2021-18026 · Unknown · Invoiceplane

Published

2021-05-10

Updated

2021-05-19

CVE-2021-29022

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: InvoicePlane version 1.5.11

Description: The issue concerns the upload feature in InvoicePlane, which discloses the full path of the file upload directory.

Recommendations: For InvoicePlane version 1.5.11, consider restricting access to the upload feature until a patch is available. As a temporary workaround, review and modify the file upload directory permissions to minimize potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-29022

Affected Products

Invoiceplane

PT-2021-18026 · Unknown · Invoiceplane

CVE-2021-29022

Weakness Enumeration

Related Identifiers

Affected Products

References · 4