| タイトル | invoiceninja <= 5.12.38. ssrf |
|---|
| 説明 | A Server-Side Request Forgery (SSRF) vulnerability exists in Invoice Ninja <= 5.12.38. The vulnerability is located in the `app/Jobs/Util/Import.php` file within the migration import functionality. The `company_logo` parameter from user-uploaded migration files is not properly validated before being passed to PHP's `copy()` function, allowing authenticated users to make the server send HTTP requests to arbitrary URLs, potentially accessing internal network services, cloud metadata endpoints (AWS/GCP/Azure), and extracting sensitive information including IAM credentials and internal API data. |
|---|
| ソース | ⚠️ https://note-hxlab.wetolink.com/share/fWqEpn5fX4rH |
|---|
| ユーザー | gets (UID 71108) |
|---|
| 送信 | 2025年12月22日 06:09 (4 月 ago) |
|---|
| モデレーション | 2026年01月06日 17:20 (15 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 339720 [invoiceninja 迄 5.12.38 Migration Import Import.php copy company_logo 特権昇格] |
|---|
| ポイント | 20 |
|---|