MODULE

Invoice Ninja unauthenticated PHP Deserialization Vulnerability

Try Surface Command Get a continuous 360° view of your attack surface
Back to Search

Invoice Ninja unauthenticated PHP Deserialization Vulnerability

Disclosed
12/13/2024
Created
02/25/2025

Description

Invoice Ninja is a free invoicing software for small businesses, based on the PHP framework Laravel. A Remote Code Execution vulnerability in Invoice Ninja (>= 5.8.22 <= 5.10.10) allows remote unauthenticated attackers to conduct PHP deserialization attacks via endpoint `/route/` which accepts a Laravel ciphered value which is unsafe unserialized, if an attacker has access to the APP_KEY. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

Author(s)

  • h00die-gr3y <h00die.gr3y@gmail.com>
  • Rémi Matasse
  • Mickaël Benassouli

Platform

Linux,PHP,Unix

Architectures

php, cmd

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/invoiceninja_unauth_rce_cve_2024_55555
msf exploit(invoiceninja_unauth_rce_cve_2024_55555) > show targets
    ...targets...
msf exploit(invoiceninja_unauth_rce_cve_2024_55555) > set TARGET < target-id >
msf exploit(invoiceninja_unauth_rce_cve_2024_55555) > show options
    ...show and set options...
msf exploit(invoiceninja_unauth_rce_cve_2024_55555) > exploit

Metasploit

Penetration testing software for offensive security teams.
Key Features
Free Metasploit Pro Trial View All Features

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;