Invoice Ninja unauthenticated PHP Deserialization Vulnerability

Invoice Ninja unauthenticated PHP Deserialization Vulnerability

Description

Invoice Ninja is a free invoicing software for small businesses, based on the PHP framework Laravel. A Remote Code Execution vulnerability in Invoice Ninja (>= 5.8.22 <= 5.10.10) allows remote unauthenticated attackers to conduct PHP deserialization attacks via endpoint `/route/` which accepts a Laravel ciphered value which is unsafe unserialized, if an attacker has access to the APP_KEY. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

Author(s)

• h00die-gr3y <[email protected]>
• Rémi Matasse
• Mickaël Benassouli

Platform

Linux,PHP,Unix

Architectures

php, cmd

Development

• Source Code
• History