CVE-2025-67082

Published: Jan 15, 2026

Modified: Jan 15, 2026

PUBLISHED

Description

An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing of single quotes.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/InvoicePlane/InvoicePlane

https://www.helx.io/blog/advisory-invoice-plane/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-67082

Description

Affected Products

References