CVE-2023-46865 Information

Nov 02, 2023 cve

Description

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

Reference

https://github.com/crater-invoice/crater/pull/1271 https://github.com/crater-invoice/crater/issues/1267

Share on: