{
  "id": "CVE-2024-55555",
  "details": "Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. The route/{hash} route defined in the invoiceninja/routes/client.php file can be accessed without authentication. The parameter {hash} is passed to the function decrypt that expects a Laravel ciphered value containing a serialized object. (Furthermore, Laravel contains several gadget chains usable to trigger remote command execution from arbitrary deserialization.) Therefore, an attacker in possession of the APP_KEY is able to fully control a string passed to an unserialize function.",
  "modified": "2026-04-10T05:19:16.075101Z",
  "published": "2025-01-07T17:15:30.503Z",
  "references": [
    {"type": "ADVISORY", "url": "https://www.synacktiv.com/advisories/invoiceninja-unauthenticated-remote-command-execution-when-appkey-known"},
    {"type": "FIX", "url": "https://github.com/invoiceninja/invoiceninja/commit/d9302021472c3e7e23bac8c3d5fbec57a5f38f0c"}
  ],
  "affected": [
    {
      "ranges": [
        {
          "type": "GIT",
          "repo": "https://github.com/invoiceninja/invoiceninja",
          "events": [
            {"introduced": "0"},
            {"fixed": "96372e558bdb1104a6bcea206a046b9c7910545e"},
            {"fixed": "d9302021472c3e7e23bac8c3d5fbec57a5f38f0c"}
          ],
          "database_specific": {
            "versions": [{"introduced": "0"}, {"fixed": "5.10.43"}]
          }
        }
      ],
      "versions": ["5.8.56","v5.0","v5.0.1","v5.0.10","v5.0.12","v5.0.12-release","v5.0.13","v5.0.13-release","v5.0.16","v5.0.16-release","v5.0.17","v5.0.17-release","v5.0.2","v5.0.23","v5.0.3","v5.0.4","v5.0.5","v5.0.6","v5.0.7","v5.0.8","v5.0.9","v5.10.0","v5.10.1","v5.10.10","v5.10.11","v5.10.12","v5.10.13","v5.10.14","v5.10.15","v5.10.16","v5.10.17","v5.10.18","v5.10.19","v5.10.2","v5.10.20","v5.10.21","v5.10.22","v5.10.23","v5.10.24","v5.10.25","v5.10.26","v5.10.27","v5.10.28","v5.10.29","v5.10.3","v5.10.30","v5.10.31","v5.10.32","v5.10.33","v5.10.34","v5.10.35","v5.10.36","v5.10.37","v5.10.38","v5.10.39","v5.10.4","v5.10.40","v5.10.41","v5.10.42","v5.10.5","v5.10.6","v5.10.7","v5.10.8","v5.10.9","v5.5.100","v5.5.101","v5.5.102","v5.5.103","v5.5.104","v5.5.105","v5.5.106","v5.5.107","v5.5.108","v5.5.109","v5.5.110","v5.5.111","v5.5.112","v5.5.113","v5.5.114","v5.5.115","v5.5.116","v5.5.117","v5.5.118","v5.5.119","v5.5.120","v5.5.121","v5.5.122","v5.5.123","v5.5.124","v5.5.71","v5.5.73","v5.5.74","v5.5.75","v5.5.76","v5.5.77","v5.5.78","v5.5.79","v5.5.80","v5.5.81","v5.5.82","v5.5.83","v5.5.84","v5.5.85","v5.5.86","v5.5.87","v5.5.88","v5.5.89","v5.5.90","v5.5.91","v5.5.92","v5.5.93","v5.5.94","v5.5.95","v5.5.96","v5.5.97","v5.5.98","v5.5.99","v5.6.0","v5.6.1","v5.6.10","v5.6.11","v5.6.12","v5.6.2","v5.6.3","v5.6.4","v5.6.5","v5.6.6","v5.6.7","v5.6.8","v5.6.9","v5.7.10","v5.7.11","v5.7.12","v5.7.13","v5.7.14","v5.7.15","v5.7.16","v5.7.17","v5.7.18","v5.7.19","v5.7.20","v5.7.21","v5.7.22","v5.7.23","v5.7.24","v5.7.25","v5.7.26","v5.7.27","v5.7.28","v5.7.29","v5.7.30","v5.7.31","v5.7.32","v5.7.33","v5.7.34","v5.7.35","v5.7.36","v5.7.37","v5.7.38","v5.7.39","v5.7.40","v5.7.41","v5.7.42","v5.7.43","v5.7.44","v5.7.45","v5.7.46","v5.7.47","v5.7.48","v5.7.49","v5.7.50","v5.7.51","v5.7.52","v5.7.53","v5.7.54","v5.7.55","v5.7.56","v5.7.57","v5.7.58","v5.7.59","v5.7.60","v5.7.61","v5.7.62","v5.7.63","v5.7.7","v5.7.8","v5.7.9","v5.8.0","v5.8.1","v5.8.10","v5.8.11","v5.8.12","v5.8.13","v5.8.14","v5.8.15","v5.8.16","v5.8.17","v5.8.18","v5.8.19","v5.8.2","v5.8.20","v5.8.21","v5.8.22","v5.8.23","v5.8.24","v5.8.25","v5.8.26","v5.8.27","v5.8.28","v5.8.29","v5.8.3","v5.8.30","v5.8.31","v5.8.32","v5.8.33","v5.8.34","v5.8.35","v5.8.36","v5.8.37","v5.8.38","v5.8.39","v5.8.4","v5.8.40","v5.8.41","v5.8.42","v5.8.43","v5.8.44","v5.8.45","v5.8.46","v5.8.47","v5.8.48","v5.8.49","v5.8.5","v5.8.50","v5.8.51","v5.8.52","v5.8.53","v5.8.54","v5.8.55","v5.8.56","v5.8.57","v5.8.6","v5.8.7","v5.8.8","v5.8.9","v5.9.0","v5.9.1","v5.9.2","v5.9.3","v5.9.4","v5.9.5","v5.9.6","v5.9.7","v5.9.8","v5.9.9"],
      "database_specific": {
        "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55555.json"
      }
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}
  ]
}