Unrated severityOSV Advisory· Published Jan 15, 2026· Updated Jan 22, 2026
CVE-2025-67084
CVE-2025-67084
Description
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
20.9beta, v1.0.0, v1.0.1, …+ 1 more
- (no CPE)range: 0.9beta, v1.0.0, v1.0.1, …
- (no CPE)range: <=1.6.3
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.