Back to search
CVE-2025-10009
Published: Sep 22, 2025
Modified: Sep 22, 2025
PUBLISHED
Description
Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files.
| Vendor | Product | Versions |
|---|---|---|
Invoice Ninja | Invoice Ninja 5 | affected 5.11.41 - <= 5.11.72unaffected 5.11.73 - <= * |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now