2 matches found
CVE-2022-1032 Insecure deserialization of not validated module file in crater-invoice/crater
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6...
CVE-2022-1032
CVE-2022-1032 affects the Crater Invoice Crater project prior to 6.0.6, reported as insecure deserialization of unvalidated module files. The exploit path demonstrated in the documents involves uploading a manipulated Phar archive (phar.phar) via the web API, then triggering remote code execution...