7 matches found

RedhatCVE
added 2025/05/23 7:41 a.m. | 10 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.4356
Exploits: 2 | References: 1

Rapid7 Blog
added 2025/03/14 7:9 p.m. | 16 views

Metasploit Weekly Wrap-Up 03/14/25

New module content (1): InvoiceShelf unauthenticated PHP Deserialization Vulnerability. Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y. Type: Exploit. Pull request: 19950 contributed by h00die-gr3y. Path: linux/http/invoiceshelfunauthrcecve202455556. AttackerKB reference: CVE-2024-55556...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.4356
Exploits: 6

OSV
added 2025/01/07 4:15 p.m. | 3 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

CVSS: 9.8 | AI score: 6 | EPSS: 0.4356
Exploits: 2 | References: 3

NVD
added 2025/01/07 4:15 p.m. | 14 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

CVSS: 9.8 | EPSS: 0.4356
Exploits: 2 | References: 3

Circl
added 2025/01/07 4:7 p.m. | 9 views

CVE-2024-55556

creationtimestamp | type | source
---|---|---
2025-01-07 16:07:42+00:00 | seen | https://infosec.exchange/users/cve/statuses/113787932627494304
2025-01-07 16:16:32+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lf62crdegm2i
2025-03-12 04:51:28+00:00 | confirmed | ...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.4356
Exploits: 2 | References: 6

Cvelist
added 2025/01/07 12:0 a.m. | 21 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

EPSS: 0.4356
Exploits: 2 | References: 3

Vulnrichment
added 2025/01/07 12:0 a.m. | 12 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

AI score: 7.7 | EPSS: 0.4356
Exploits: 2 | References: 3