File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).Referenceshttps://github.com/InvoicePlane/InvoicePlanehttps://www.helx.io/blog/advisory-invoice-plane/
