Description
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
References
- Exploit, Issue Tracking, Vendor Advisory
- Issue Tracking, Patch
Vulnerable configurations
Configuration 1: version up to and including 6.0.6
cpe:2.3:a:craterapp:crater:*:*:*:*:*:*:*:*
EPSS
Percentile: 99%
Score: 0.68786
Severity: Medium
CVSS3: 7.2 High
Weaknesses
CWE-94
Related vulnerabilities
CVSS3: 7.2
Source: github
Published more than 2 years ago