PT-2026-31085 · Unknown · Matcha Invoice
Published: 2026-04-08 · Updated: 2026-04-13 · CVE-2026-33273
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MATCHA INVOICE versions 2.6.6 and earlier
Description
An issue exists in MATCHA INVOICE that allows for unrestricted file uploads of dangerous types. Successful exploitation by a product administrator could lead to the creation of arbitrary files, potentially resulting in arbitrary code execution on the server.
Recommendations
Update MATCHA INVOICE to a version later than 2.6.6.
Fix
Unrestricted File Upload
Affected Products
Matcha Invoice