Show filters
10 Total Results
Displaying 1-10 of 10
Sort by:
Attacker Value
Unknown

CVE-2024-39091

Disclosure Date: August 12, 2024 (last updated August 14, 2024)
An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request.
Attack Vector: Adjacent NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-46865

Disclosure Date: October 30, 2023 (last updated February 25, 2025)
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-1032

Disclosure Date: March 29, 2022 (last updated February 23, 2025)
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-1033

Disclosure Date: March 23, 2022 (last updated February 23, 2025)
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0515

Disclosure Date: March 21, 2022 (last updated February 23, 2025)
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-0514

Disclosure Date: March 21, 2022 (last updated February 23, 2025)
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0372

Disclosure Date: January 27, 2022 (last updated February 23, 2025)
Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-0203

Disclosure Date: January 26, 2022 (last updated February 23, 2025)
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-0242

Disclosure Date: January 17, 2022 (last updated February 23, 2025)
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-4080

Disclosure Date: January 12, 2022 (last updated February 23, 2025)
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0