Unauthenticated Directory Listing and File Download Vulnerability in InvoicePlane 1.5.11

Unauthenticated Directory Listing and File Download Vulnerability in InvoicePlane 1.5.11

CVE-2021-29024 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication.

Learn more about our Web App Pen Testing.