Submeter #721323: invoiceninja <= 5.12.38. ssrfinformação

Títuloinvoiceninja <= 5.12.38. ssrf
DescriçãoA Server-Side Request Forgery (SSRF) vulnerability exists in Invoice Ninja <= 5.12.38. The vulnerability is located in the `app/Jobs/Util/Import.php` file within the migration import functionality. The `company_logo` parameter from user-uploaded migration files is not properly validated before being passed to PHP's `copy()` function, allowing authenticated users to make the server send HTTP requests to arbitrary URLs, potentially accessing internal network services, cloud metadata endpoints (AWS/GCP/Azure), and extracting sensitive information including IAM credentials and internal API data.
Fonte⚠️ https://note-hxlab.wetolink.com/share/fWqEpn5fX4rH
Utilizador
 gets (UID 71108)
Submissão22/12/2025 06h09 (há 4 meses)
Moderação06/01/2026 17h20 (15 days later)
EstadoAceite
Entrada VulDB339720 [invoiceninja até 5.12.38 Migration Import Import.php copy company_logo Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!