| Название | invoiceninja <= 5.12.38. ssrf |
|---|
| Описание | A Server-Side Request Forgery (SSRF) vulnerability exists in Invoice Ninja <= 5.12.38. The vulnerability is located in the `app/Jobs/Util/Import.php` file within the migration import functionality. The `company_logo` parameter from user-uploaded migration files is not properly validated before being passed to PHP's `copy()` function, allowing authenticated users to make the server send HTTP requests to arbitrary URLs, potentially accessing internal network services, cloud metadata endpoints (AWS/GCP/Azure), and extracting sensitive information including IAM credentials and internal API data. |
|---|
| Источник | ⚠️ https://note-hxlab.wetolink.com/share/fWqEpn5fX4rH |
|---|
| Пользователь | gets (UID 71108) |
|---|
| Представление | 22.12.2025 06:09 (4 месяцы назад) |
|---|
| Модерация | 06.01.2026 17:20 (15 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 339720 [invoiceninja до 5.12.38 Migration Import Import.php copy company_logo эскалация привилегий] |
|---|
| Баллы | 20 |
|---|