PT-2025-51684 · Unknown · Invoiceplane
Tarek Ramadan · Published 2025-12-16 · Updated 2025-12-21
CVE-2025-64012
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
InvoicePlane versions prior to commit debb446c
Description
The software contains an issue related to incorrect access control. Specifically, the invoices/view handler does not properly verify ownership before disclosing invoice data. This could allow unauthorized access to sensitive information. The vulnerable component is the invoices/view handler.
Recommendations
Update to a version after commit debb446c.
Exploit
Fix
Improper Access Control
IDOR
Affected Products
Invoiceplane