49 matches found
CVE-2022-0515
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4...
CVE-2022-0242
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0...
EUVD-2022-15643
Malicious code in bioql PyPI...
EUVD-2022-0743
Malicious code in bioql PyPI...
EUVD-2022-15642
Malicious code in bioql PyPI...
EUVD-2022-0491
Malicious code in bioql PyPI...
EUVD-2022-24382
Malicious code in bioql PyPI...
CVE-2024-55556
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...
CVE-2022-0514
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...
CVE-2022-1033
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6...
CVE-2022-1032
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6...
CVE-2022-0203
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2...
CVE-2024-55556
A CVE in Crater Invoice (InvoiceShelf/META: Laravel cookie-based session deserialization) enables unauthenticated remote code execution when an attacker obtains the Laravel APP_KEY. Public docs describe that manipulating the laravel_session cookie, which contains serialized session data encrypted wit...
PT-2024-36552 · Unknown · Crater Invoice
Name of the Vulnerable Software and Affected Versions: Crater Invoice (affected versions not specified). Description: A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_sessi...
Deserialization of untrusted data
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6...
CVE-2022-1032 Insecure deserialization of not validated module file in crater-invoice/crater
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6...