CVE-2023-46865

Published October 30th, 2023

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

crater-invoice-inc/crater

Open Source Invoicing Solution for Individuals & Businesses

GitHub

8.29K