Crater Invoice
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-55556 | Crater Invoice | Critical | 0.74 | 9.8 | 0.44 | | Jan 7, 2025 | A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The… |
| CVE-2021-4080 | Crater Invoice | High | 0.50 | 8.8 | 0.01 | | Jan 12, 2022 | crater is vulnerable to Unrestricted Upload of File with Dangerous Type |
| CVE-2023-46865 | Crater Invoice | High | 0.48 | 7.2 | 0.20 | | Oct 30, 2023 | /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. |
| CVE-2022-0242 | Crater Invoice | High | 0.40 | 7.2 | 0.01 | | Jan 17, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0. |
| CVE-2022-0372 | Crater Invoice | Medium | 0.28 | 5.4 | 0.01 | | Jan 27, 2022 | Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2. |
| CVE-2022-0203 | Crater Invoice | Medium | 0.28 | 5.3 | 0.01 | | Jan 26, 2022 | Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. |
| CVE-2022-1032 | Crater Invoice | High | 0.00 | 7.2 | 0.02 | | Mar 29, 2022 | Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. |
| CVE-2022-1033 | Crater Invoice | High | 0.00 | 7.8 | 0.01 | | Mar 23, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. |
| CVE-2022-0515 | Crater Invoice | Medium | 0.00 | 4.3 | 0.00 | | Mar 21, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. |
| CVE-2022-0514 | Crater Invoice | Medium | 0.00 | 6.5 | 0.01 | | Mar 21, 2022 | Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. |