CVE-2023-46865

HIGH

CVSS v3

7.2

HIGH

EPSS Score

68.8%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

Technical Details

Published
10/30/2023

Frequently Asked Questions

What is CVE-2023-46865?

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

Is CVE-2023-46865 actively exploited?

Active exploitation of CVE-2023-46865 has not been confirmed. The EPSS score is 68.8%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2023-46865?

CVE-2023-46865 has a CVSS v3 base score of 7.2 (HIGH severity).

Is CVE-2023-46865 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.