MATCHA INVOICE Unrestricted File Upload Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability allowing unrestricted file uploads of dangerous types has been identified in MATCHA INVOICE versions through 2.6.6. This issue enables administrators to upload arbitrary files, which could lead to the execution of arbitrary code on the server.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads by administrators, potentially leading to the execution of arbitrary code on the server.

Remediation

Users are advised to update MATCHA INVOICE to version 2.6.7, available on the product's download page. Instructions for updating from previous versions can be found on the developer's blog.

Added: Apr 8, 2026, 6:18 AM
Updated: Apr 8, 2026, 6:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.8
remediation: 0.0
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.