CVE-2017-1000238

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:invoiceplane:invoiceplane:1.4.10:*:*:*:*:*:*:*

Information

Published : 2017-11-16 19:29

Updated : 2017-11-30 11:15


NVD link : CVE-2017-1000238

Mitre link : CVE-2017-1000238


JSON object : View

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type

Advertisement

dedicated server usa

Products Affected

invoiceplane

  • invoiceplane