
exploitDog


GHSA-5cw4-vrv3-8qx9

Published: 30 Oct 2023
Source: github
Github: Not reviewed
CVSS3: 7.2

Description

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.


EPSS

Percentile: 99%
0.68786
Medium

7.2 High

CVSS3

Weaknesses

CWE-94

Related vulnerabilities

CVSS3: 7.2
nvd
more than 2 years ago

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
