CVE-2021-29024

Published May 17th, 2021

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication.

InvoicePlane/InvoicePlane

A self-hosted open source application for managing your invoices, clients and payments.

GitHub

3.06K