VYPR
Vendor: Crater Invoice

Products: 2
CVEs: 10
Across products: 15
Status: Private

Recent CVEs (10)

  • CVE-2024-55556 | Critical | Jan 7, 2025
    risk 0.74, cvss 9.8, epss 0.44

    A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The…

  • CVE-2021-4080 | High | Jan 12, 2022
    risk 0.50, cvss 8.8, epss 0.01

    crater is vulnerable to Unrestricted Upload of File with Dangerous Type

  • CVE-2023-46865 | High | Oct 30, 2023
    risk 0.48, cvss 7.2, epss 0.20

    /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

  • CVE-2022-0242 | High | Jan 17, 2022
    risk 0.40, cvss 7.2, epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.

  • CVE-2022-0372 | Medium | Jan 27, 2022
    risk 0.28, cvss 5.4, epss 0.01

    Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.

  • CVE-2022-0203 | Medium | Jan 26, 2022
    risk 0.28, cvss 5.3, epss 0.01

    Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.

  • CVE-2022-1032 | High | Mar 29, 2022
    risk 0.00, cvss 7.2, epss 0.02

    Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.

  • CVE-2022-1033 | High | Mar 23, 2022
    risk 0.00, cvss 7.8, epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.

  • CVE-2022-0515 | Medium | Mar 21, 2022
    risk 0.00, cvss 4.3, epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.

  • CVE-2022-0514 | Medium | Mar 21, 2022
    risk 0.00, cvss 6.5, epss 0.01

    Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.