Invoice Ninja
cpe:2.3:a:invoiceninja:invoice_ninja:*:*:*:*:*:*:*
- <= 5.11.72
Invoice Ninja versions through 5.11.72 improperly handle files uploaded through the admin 'Restore' function. An attacker with admin credentials can execute arbitrary code on the server by uploading malicious .php files.
Exploitation of this vulnerability could lead to unauthorized execution of code on the server, potentially allowing an attacker to take control of the server or disrupt its operations.
To reproduce this vulnerability, an admin user can upload a .php file through the 'Restore' function. The application does not properly validate or restrict file uploads, allowing the execution of the uploaded PHP code on the server.
Users can update to Invoice Ninja version 5.12.27 or later, where this vulnerability has been addressed.