Craterapp: >> Crater >> 6.0.5 Security Vulnerabilities
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
CVSS Score
7.2
EPSS Score
0.682
Published
2023-10-30
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-03-29
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-03-23