Crater

crater

Vendor: Craterapp • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-46865 1Craterapp 1Crater Nov 21, 2024 Oct 30, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
CVE-2022-1032 1Craterapp 1Crater Nov 21, 2024 Mar 29, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
CVE-2022-1033 1Craterapp 1Crater Nov 21, 2024 Mar 23, 2022 N/A· v4 7.8 HIGH· v3 6.5 MEDIUM· v2 Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
CVE-2022-0515 1Craterapp 1Crater Nov 21, 2024 Mar 21, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
CVE-2022-0514 1Craterapp 1Crater Nov 21, 2024 Mar 21, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
CVE-2022-0372 1Craterapp 1Crater Nov 21, 2024 Jan 27, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
CVE-2022-0203 1Craterapp 1Crater Nov 21, 2024 Jan 26, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
CVE-2022-0242 1Craterapp 1Crater Nov 21, 2024 Jan 17, 2022 N/A· v4 7.2 HIGH· v3 6.0 MEDIUM· v2 Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
CVE-2021-4080 1Craterapp 1Crater Nov 21, 2024 Jan 12, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 crater is vulnerable to Unrestricted Upload of File with Dangerous Type