CVE-2023-46865 in invoiceinformación

Resumen

por MITRE • 2023-10-30

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservar

2023-10-30

Divulgación

2023-10-30

Moderación

aceptado

Artículo

VDB-243824

CPE

listo

EPSS

0.20321

KEV

no

Actividades

muy bajo

Fuentes

Interested in the pricing of exploits?

See the underground prices here!