Remote Code Execution Vulnerability in Invoice Ninja by Invoice Ninja
CVE-2024-55555

Currently unrated

Key Information:

Vendor
CVE Published: 7 January 2025

Badges

👾 Exploit Exists · 🟡 Public PoC · 🟣 EPSS 30%

What is CVE-2024-55555?

Invoice Ninja versions prior to 5.10.43 allow remote code execution through an unauthenticated route when the APP_KEY is known. The issue arises from pre-existing .env files that contain default APP_KEY values accessible via the product's repository. The vulnerable route, defined in invoiceninja/routes/client.php, requires no authentication. An attacker can manipulate the {hash} parameter, which is passed to the decrypt function; that function expects a Laravel-encrypted value containing a serialized object. Known gadget chains in Laravel then allow arbitrary command execution through this unsafe deserialization. An attacker in possession of the APP_KEY can potentially gain complete control.
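
A defender-side check for the precondition described above, added here as an example and not taken from Invoice Ninja or the advisory: it reports whether a deployment's APP_KEY also appears in env files copied from the repository. The file names and key values are constructed placeholders, and the dotenv parsing is a simplified assumption.

```python
import hashlib
import re

# APP_KEY assignment in dotenv syntax; commented-out lines do not match.
_APP_KEY = re.compile(
    r'^[ \t]*(?:export[ \t]+)?APP_KEY[ \t]*=[ \t]*["\']?([^"\'\s#]*)', re.M)


def app_keys(text):
    """Return every non-empty APP_KEY value assigned in dotenv text."""
    return [v for v in _APP_KEY.findall(text) if v]


def fingerprint(key):
    """Short SHA-256 prefix so reports never contain the key itself."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def audit(deployed_env, shipped_envs):
    """Flag a deployed APP_KEY that also appears in repository env files.

    deployed_env: text of the live .env
    shipped_envs: {filename: text} of env files copied from the repository
    Returns a list of findings; an empty list means nothing was flagged.
    """
    live = app_keys(deployed_env)
    if not live:
        return ["APP_KEY is missing or empty"]
    findings = []
    for name, text in sorted(shipped_envs.items()):
        for key in sorted(set(app_keys(text)) & set(live)):
            findings.append(
                f"APP_KEY {fingerprint(key)} matches a key shipped in {name}")
    return findings


# Constructed sample data: placeholder keys and hypothetical file names.
SHIPPED = {
    ".env.example": "APP_NAME=app\nAPP_KEY=base64:PLACEHOLDER_SHIPPED_KEY_A=\n",
    ".env.ci": '# APP_KEY=base64:commented\nAPP_KEY="base64:PLACEHOLDER_SHIPPED_KEY_B="\n',
}
REUSED = "APP_ENV=production\nAPP_KEY=base64:PLACEHOLDER_SHIPPED_KEY_B=\n"
UNIQUE = "APP_ENV=production\nAPP_KEY=base64:PLACEHOLDER_LOCALLY_GENERATED=\n"

if __name__ == "__main__":
    for label, env in (("reused", REUSED), ("unique", UNIQUE)):
        print(label, audit(env, SHIPPED) or "no shipped key in use")
```

A match means the key protecting the {hash} route is public, so the key needs replacing in addition to upgrading to 5.10.43 or later.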

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published