PT-2026-29095 · Unknown · Invoice Ninja
Treklaps · Published 2026-03-30 · Updated 2026-03-30
CVE-2026-29925
CVSS v3.1: 7.7 High
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Invoice Ninja versions 5.12.46 and 5.12.48
Description
Invoice Ninja versions 5.12.46 and 5.12.48 are susceptible to a Server-Side Request Forgery (SSRF) condition. This issue is located in the CheckDatabaseRequest.php file. SSRF occurs when an application makes requests to unintended locations, potentially exposing sensitive data or allowing unauthorized actions.
Recommendations
Update Invoice Ninja to a version newer than 5.12.48.
Update Invoice Ninja to a version newer than 5.12.46.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Invoice Ninja