CVE-2026-46622 – SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach

CVE ID :CVE-2026-46622

Published : June 11, 2026, 8:16 p.m. | 1 hour, 3 minutes ago

Description :SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a misconfigured replica, or insider access — immediately obtains all API credentials for every user with no further effort. This issue has been patched in version 2.3.17.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-47238 – ClipBucket: IDOR in videos subtitle editor

CVE-2026-45060 – ClipBucket: Blind SQL Injection in progress_video.php

CVE-2026-42846 – ClipBucket: Remote Play URL Command Injection

CVE-2026-45418 – ClipBucket: Blind SQL Injection in subtitle_edit.php