Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
MATCHA INVOICE: Unrestricted File Upload Allows Malicious Code Execution
CVE-2026-33273
Summary
An administrator can upload a malicious file to your MATCHA INVOICE server, potentially allowing hackers to execute code on the server. This poses a risk to your data and system security. Update to the latest version of MATCHA INVOICE to fix this issue.
Original title
Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the pro...
Original description
Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server.
nvd CVSS3.0
4.7
nvd CVSS4.0
5.1
Vulnerability type
CWE-434
Unrestricted File Upload
Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026