Vulnerabilities > Craterapp

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-46865 Code Injection vulnerability in Craterapp Crater
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
network
low complexity
craterapp CWE-94
7.2
7.2
2022-03-29 CVE-2022-1032 Deserialization of Untrusted Data vulnerability in Craterapp Crater
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
network
low complexity
craterapp CWE-502
6.5
6.5
2022-03-23 CVE-2022-1033 Unrestricted Upload of File with Dangerous Type vulnerability in Craterapp Crater
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
network
low complexity
craterapp CWE-434
6.5
6.5
2022-03-21 CVE-2022-0514 Unspecified vulnerability in Craterapp Crater
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
network
low complexity
craterapp
4.0
4.0
2022-03-21 CVE-2022-0515 Cross-Site Request Forgery (CSRF) vulnerability in Craterapp Crater
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
network
craterapp CWE-352
4.3
4.3
2022-01-27 CVE-2022-0372 Cross-site Scripting vulnerability in Craterapp Crater
Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
network
craterapp CWE-79
3.5
3.5
2022-01-26 CVE-2022-0203 Missing Authorization vulnerability in Craterapp Crater
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
network
low complexity
craterapp CWE-862
5.0
5.0
2022-01-17 CVE-2022-0242 Unrestricted Upload of File with Dangerous Type vulnerability in Craterapp Crater
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
network
craterapp CWE-434
6.0
6.0
2022-01-12 CVE-2021-4080 Unrestricted Upload of File with Dangerous Type vulnerability in Craterapp Crater
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
network
low complexity
craterapp CWE-434
6.5
6.5