
CVE-2023-46865
https://notcve.org/view.php?id=CVE-2023-46865
30 Oct 2023 — /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. • https://github.com/asylumdx/Crater-CVE-2023-46865-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2022-1032 – Insecure deserialization of not validated module file in crater-invoice/crater
https://notcve.org/view.php?id=CVE-2022-1032
29 Mar 2022 — Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. • https://github.com/crater-invoice/crater/commit/7cde971f8b79579951df98384a5210d25f698af5 • CWE-502: Deserialization of Untrusted Data

CVE-2022-1033 – Unrestricted Upload of File with Dangerous Type in crater-invoice/crater
https://notcve.org/view.php?id=CVE-2022-1033
23 Mar 2022 — Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. • https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2022-0515 – Cross-Site Request Forgery (CSRF) in crater-invoice/crater
https://notcve.org/view.php?id=CVE-2022-0515
21 Mar 2022 — Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. • https://github.com/crater-invoice/crater/commit/2b7028b7c83fd6e8897f244a2e6723baa20479e5 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2022-0514 – Business Logic Errors in crater-invoice/crater
https://notcve.org/view.php?id=CVE-2022-0514
21 Mar 2022 — Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. • https://github.com/crater-invoice/crater/commit/fadef0ea07d2f7fb3f41c2cae444ebca2f479679 • CWE-840: Business Logic Errors

CVE-2022-0372 – Cross-site Scripting (XSS) - Stored in crater-invoice/crater
https://notcve.org/view.php?id=CVE-2022-0372
27 Jan 2022 — Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2. • https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0203 – Improper Access Control in crater-invoice/crater
https://notcve.org/view.php?id=CVE-2022-0203
26 Jan 2022 — Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. • https://github.com/crater-invoice/crater/commit/dd324c8bb6b17009f82afe8bc830caec7241e992 • CWE-284: Improper Access Control • CWE-862: Missing Authorization

CVE-2022-0242 – Unrestricted Upload of File with Dangerous Type in crater-invoice/crater
https://notcve.org/view.php?id=CVE-2022-0242
17 Jan 2022 — Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0. • https://github.com/crater-invoice/crater/commit/dcb3ddecb9f4cde622cc42c51a2760747797624f • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2021-4080 – Unrestricted Upload of File with Dangerous Type in crater-invoice/crater
https://notcve.org/view.php?id=CVE-2021-4080
12 Jan 2022 — crater is vulnerable to Unrestricted Upload of File with Dangerous Type. • https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d • CWE-434: Unrestricted Upload of File with Dangerous Type