Remote Code Execution Vulnerability in Invoice Ninja by Invoice Ninja
CVE-2024-55555
Key Information:
- Vendor
Invoice Ninja
- Vendor
- CVE Published:
- 7 January 2025
Badges
What is CVE-2024-55555?
A vulnerability in Invoice Ninja prior to version 5.10.43 permits attackers to execute remote code through an unauthenticated route when the APP_KEY is known. The issue arises from pre-existing .env files that contain default APP_KEY values accessible via the product's repository. The vulnerable route, defined in invoiceninja/routes/client.php, can be exploited without any authentication. An attacker can manipulate the {hash} parameter, which is utilized by the decrypt function that expects a Laravel ciphered value with a serialized object. The presence of known gadget chains in Laravel further allows an attacker to execute arbitrary commands via unauthorized deserialization. This vulnerability potentially gives complete control to an attacker possessing the APP_KEY.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.