Arbitrary File Upload Vulnerability in InvoicePlane v1.4.10

Arbitrary File Upload Vulnerability in InvoicePlane v1.4.10

CVE-2017-1000238 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.

Learn more about our Web App Pen Testing.