Vulnerabilities (CVE)

Filtered by vendor: Craterapp
Total: 9 CVEs
Columns: CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3

CVE-2023-46865
  Vendors: 1 (Craterapp)   Products: 1 (Crater)   Updated: 2024-02-28   CVSS v2: N/A   CVSS v3: 7.2 HIGH
  /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

CVE-2022-1032
  Vendors: 1 (Craterapp)   Products: 1 (Crater)   Updated: 2024-02-28   CVSS v2: 6.5 MEDIUM   CVSS v3: 7.2 HIGH
  Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.

CVE-2022-0514
  Vendors: 1 (Craterapp)   Products: 1 (Crater)   Updated: 2024-02-28   CVSS v2: 4.0 MEDIUM   CVSS v3: 6.5 MEDIUM
  Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.

CVE-2022-0515
  Vendors: 1 (Craterapp)   Products: 1 (Crater)   Updated: 2024-02-28   CVSS v2: 4.3 MEDIUM   CVSS v3: 4.3 MEDIUM
  Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.

CVE-2022-1033
  Vendors: 1 (Craterapp)   Products: 1 (Crater)   Updated: 2024-02-28   CVSS v2: 6.5 MEDIUM   CVSS v3: 7.8 HIGH
  Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.

CVE-2021-4080
  Vendors: 1 (Craterapp)   Products: 1 (Crater)   Updated: 2024-02-28   CVSS v2: 6.5 MEDIUM   CVSS v3: 8.8 HIGH
  crater is vulnerable to Unrestricted Upload of File with Dangerous Type.

CVE-2022-0203
  Vendors: 1 (Craterapp)   Products: 1 (Crater)   Updated: 2024-02-28   CVSS v2: 5.0 MEDIUM   CVSS v3: 5.3 MEDIUM
  Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.

CVE-2022-0372
  Vendors: 1 (Craterapp)   Products: 1 (Crater)   Updated: 2024-02-28   CVSS v2: 3.5 LOW   CVSS v3: 5.4 MEDIUM
  Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.

CVE-2022-0242
  Vendors: 1 (Craterapp)   Products: 1 (Crater)   Updated: 2024-02-28   CVSS v2: 6.0 MEDIUM   CVSS v3: 7.2 HIGH
  Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.