Shodan
Vulnerabilities
Vulnerable Software
Craterapp:  >> Crater  >> 3.1.1  Security Vulnerabilities
CVE-2023-46865
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
CVSS Score
7.2
EPSS Score
0.682
Published
2023-10-30
CVE-2022-1032
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-03-29
CVE-2022-1033
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-03-23
CVE-2022-0514
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-03-21
CVE-2022-0515
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-03-21
CVE-2022-0372
Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
CVSS Score
7.6
EPSS Score
0.003
Published
2022-01-27
CVE-2022-0203
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-01-26
CVE-2022-0242
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-01-17
CVE-2021-4080
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
CVSS Score
8.8
EPSS Score
0.004
Published
2022-01-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved