Vulnerabilities > Invoiceninja > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-06 CVE-2021-33898 Deserialization of Untrusted Data vulnerability in Invoiceninja Invoice Ninja
In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/AccountRepository.php that may allow an attacker to deserialize arbitrary PHP classes.
network
high complexity
invoiceninja CWE-502
8.1
8.1