asylumdx

1 exploit Active since Oct 2023
CVE-2023-46865 NOMISEC HIGH WORKING POC
crater < 6.0.6 - Authenticated Remote Code Execution via Company Logo Image Upload
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
4 stars
CVSS 7.2