CVSS 8.8, AI Score 8.5, EPSS 0.001
CVSS 5.3, AI Score 5.2, EPSS 0.001
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
CVSS 7.2, AI Score 6.9, EPSS 0.001
CVSS 5.4, AI Score 5.1, EPSS 0.001
CVSS 6.5, AI Score 6.4, EPSS 0.001
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
CVSS 4.3, AI Score 4.7, EPSS 0.001
Insecure deserialization of an unvalidated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
CVSS 7.2, AI Score 7, EPSS 0.001
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
CVSS 7.8, AI Score 7.6, EPSS 0.0005
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
CVSS 7.2, AI Score 7.2, EPSS 0.001