Craterapp Crater vulnerabilities
9 known vulnerabilities affecting craterapp/crater.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 4
Vulnerabilities
CVE-2023-46865 | P2 | HIGH | CVSS 7.2 | affected: ≤ 6.0.6 | 2023-10-30
  CWE-94: /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
  Source: nvd

CVE-2021-4080 | P3 | HIGH | CVSS 8.8 | fixed in 6.0.0 | 2022-01-12
  CWE-434: crater is vulnerable to Unrestricted Upload of File with Dangerous Type.
  Source: nvd

CVE-2022-1033 | P3 | HIGH | CVSS 7.8 | fixed in 6.0.6 | 2022-03-23
  CWE-434: Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
  Source: nvd

CVE-2022-0242 | P3 | HIGH | CVSS 7.2 | fixed in 6.0 | 2022-01-17
  CWE-434: Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
  Source: nvd

CVE-2022-1032 | P3 | HIGH | CVSS 7.2 | fixed in 6.0.6 | 2022-03-29
  CWE-502: Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
  Source: nvd

CVE-2022-0514 | P4 | MEDIUM | CVSS 6.5 | fixed in 6.0.5 | 2022-03-21
  CWE-840: Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
  Source: nvd

CVE-2022-0203 | P4 | MEDIUM | CVSS 5.3 | fixed in 6.0.2 | 2022-01-26
  CWE-284: Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
  Source: nvd

CVE-2022-0372 | P4 | MEDIUM | CVSS 5.4 | fixed in 6.0.2 | 2022-01-27
  CWE-79: Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
  Source: nvd

CVE-2022-0515 | P4 | MEDIUM | CVSS 4.3 | fixed in 6.0.4 | 2022-03-21
  CWE-352: Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
  Source: nvd