VYPR
Unrated severityOSV Advisory· Published Jan 15, 2026· Updated Jan 22, 2026

CVE-2025-67084

CVE-2025-67084

Description

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • 0.9beta, v1.0.0, v1.0.1, …+ 1 more
    • (no CPE)range: 0.9beta, v1.0.0, v1.0.1, …
    • (no CPE)range: <=1.6.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.