Vulnerabilities > Craterapp > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-46865 Code Injection vulnerability in Craterapp Crater
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
network
low complexity
craterapp CWE-94
7.2
7.2
2022-03-29 CVE-2022-1032 Deserialization of Untrusted Data vulnerability in Craterapp Crater
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
network
low complexity
craterapp CWE-502
7.2
7.2
2022-03-23 CVE-2022-1033 Unrestricted Upload of File with Dangerous Type vulnerability in Craterapp Crater
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
local
low complexity
craterapp CWE-434
7.8
7.8
2022-01-17 CVE-2022-0242 Unspecified vulnerability in Craterapp Crater
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
network
low complexity
craterapp
7.2
7.2
2022-01-12 CVE-2021-4080 Unspecified vulnerability in Craterapp Crater
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
network
low complexity
craterapp
8.8
8.8