Product:

Crater

(Craterapp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 9
Date Id Summary Products Score Patch Annotated
2023-10-30 CVE-2023-46865 /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. Crater 7.2
2022-03-29 CVE-2022-1032 Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. Crater 7.2
2022-03-23 CVE-2022-1033 Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. Crater 7.8
2022-03-21 CVE-2022-0514 Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. Crater 6.5
2022-03-21 CVE-2022-0515 Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. Crater 4.3
2022-01-26 CVE-2022-0203 Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. Crater 5.3
2022-01-27 CVE-2022-0372 Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2. Crater 5.4
2022-01-17 CVE-2022-0242 Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0. Crater 7.2
2022-01-12 CVE-2021-4080 crater is vulnerable to Unrestricted Upload of File with Dangerous Type Crater 8.8