Crater
CVE-2022-0514
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
AnalysisAI
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-840. Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. Affected products include: Craterapp Crater. Version information: prior to 6.0.5..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high se
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PH
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. Rated h
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. Rated medium severity (CVSS
Cross-site scripting in Crater invoice application (up to v6.0.6) allows an authenticated attacker to inject malicious s
Same weakness CWE-840 – Business Logic Errors
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today