3 matches found
CVE-2023-46865
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image...
CVE-2023-46865
Crater (Crater Invoice) up to version 6.0.6 is affected. The vulnerability exists in /api/v1/company/upload-logo (CompanyController.php) where a superadmin can trigger arbitrary PHP code execution by embedding payloads in the IDAT chunk of a PNG image used for the logo. The root cause is insuffic...
CVE-2023-46865
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image...