BID:22818

Simple Invoices PDF Print Preview Security Bypass Vulnerability

Info

Simple Invoices PDF Print Preview Security Bypass Vulnerability

Bugtraq ID:	22818
Class:	Input Validation Error
CVE:	CVE-2007-1341
Remote:	Yes
Local:	No
Published:	Mar 05 2007 12:00AM
Updated:	May 12 2015 07:33PM
Credit:	Justin is credited with discovering this issue.
Vulnerable:	Simple Invoices Simple Invoices 20070125 Simple Invoices Simple Invoices 20061211

Not Vulnerable:	Simple Invoices Simple Invoices 20070305

Discussion

Simple Invoices PDF Print Preview Security Bypass Vulnerability

Simple Invoices is prone to a security-bypass vulnerability because the application fails to protect sensitive information from unauthorized users.

An attacker may exploit this issue to retrieve invoice information.

Exploit / POC

Simple Invoices PDF Print Preview Security Bypass Vulnerability

An attacker may exploit this issue via a browser.

Solution / Fix

Simple Invoices PDF Print Preview Security Bypass Vulnerability

Solution:
The vendor released version 20070305 to address this issue. Please see the references for more information.

Simple Invoices Simple Invoices 20061211

Simple Invoices 20070305.zip
http://downloads.sourceforge.net/simpleinvoices/simpleinvoices_2007030 5.zip?modtime=1173123370&big_mirror=0

Simple Invoices Simple Invoices 20070125

Simple Invoices 20070305.zip
http://downloads.sourceforge.net/simpleinvoices/simpleinvoices_2007030 5.zip?modtime=1173123370&big_mirror=0

References

Simple Invoices PDF Print Preview Security Bypass Vulnerability

References:

Simple Invoices Homepage (Simple Invoices)
Security/Authentification: Print preview /pdf woes (Justin)
Simple Invoices 20070305 release notes (Simple Invoices)