Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. The route/{hash} route defined in the invoiceninja/routes/client.php file can be accessed without authentication. The parameter {hash} is passed to the function decrypt that expects a Laravel ciphered value containing a serialized object. (Furthermore, Laravel contains several gadget chains usable to trigger remote command execution from arbitrary deserialization.) Therefore, an attacker in possession of the APP_KEY is able to fully control a string passed to an unserialize function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Invoice Ninja 代码问题漏洞
Vulnerability Description
Invoice Ninja是Invoice Ninja开源的一个使用 Laravel 构建的可用发票、报价、项目和时间跟踪应用程序。 Invoice Ninja 5.10.43之前版本存在代码问题漏洞。攻击者利用该漏洞可以远程执行命令。
CVSS Information
N/A
Vulnerability Type
N/A