Remote Code Execution in InvoicePlane by InvoicePlane
CVE-2024-56975

Currently unrated

Key Information:

Vendor
CVE Published: 28 March 2025

What is CVE-2024-56975?

The InvoicePlane application, specifically in versions up to and including 1.6.11, is susceptible to a remote code execution vulnerability due to flaws in the upload_file method of the Upload controller. This vulnerability allows an attacker to execute arbitrary code on the server, potentially leading to full system compromise. It is crucial for users of InvoicePlane to review their security configurations and apply any available patches to mitigate this risk.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
