{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-02T01:28:51.612","vulnerabilities":[{"cve":{"id":"CVE-2025-67082","sourceIdentifier":"cve@mitre.org","published":"2026-01-15T15:15:51.213","lastModified":"2026-06-17T09:57:25.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in \"maxQuantity\" and \"minQuantity\" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises from insufficient sanitizing of single quotes."},{"lang":"es","value":"Una vulnerabilidad de inyección SQL en InvoicePlane hasta la versión 1.6.3 ha sido identificada en los parámetros 'maxQuantity' y 'minQuantity' al generar un informe. Un atacante autenticado puede explotar este problema mediante inyección SQL basada en errores, permitiendo la extracción de datos arbitrarios de la base de datos. La vulnerabilidad surge de la sanitización insuficiente de las comillas simples."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-15T15:50:48.854309Z","id":"CVE-2025-67082","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:invoiceplane:invoiceplane:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.4","matchCriteriaId":"17C261C3-0A6B-4D07-8370-DD3C71097DE2"}]}]}],"references":[{"url":"https://github.com/InvoicePlane/InvoicePlane","source":"cve@mitre.org","tags":["Product"]},{"url":"https://www.helx.io/blog/advisory-invoice-plane/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}}]}