Craterapp Security Vulnerabilities

CVE-2021-4080

crater is vulnerable to Unrestricted Upload of File with Dangerous Type.

8.8 CVSS

8.5 AI Score

0.001 EPSS

2022-01-12 02:15 PM
49

CVE-2022-0203

Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.

5.3 CVSS

5.2 AI Score

0.001 EPSS

2022-01-26 01:15 PM
52

CVE-2022-0242

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.

7.2 CVSS

6.9 AI Score

0.001 EPSS

2022-01-17 07:15 PM
50

CVE-2022-0372

Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-01-27 08:15 AM
45

CVE-2022-0514

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.

6.5 CVSS

6.4 AI Score

0.001 EPSS

2022-03-21 07:15 PM
62

CVE-2022-0515

Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.

4.3 CVSS

4.7 AI Score

0.001 EPSS

2022-03-21 07:15 PM
59

CVE-2022-1032

Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.

7.2 CVSS

7 AI Score

0.001 EPSS

2022-03-29 08:15 AM
56

CVE-2022-1033

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.

7.8 CVSS

7.6 AI Score

0.0005 EPSS

2022-03-23 08:15 AM
70

CVE-2023-46865

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

7.2 CVSS

7.2 AI Score

0.001 EPSS

2023-10-30 01:15 AM
28