CVE-2023-46865 in invoice
Resumen
por MITRE • 2023-10-30
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.