Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

crater-invoice — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting crater-invoice. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Crater-invoice is an open-source invoicing and billing application designed for small businesses to manage invoices, payments, and client information. Historically, it has been vulnerable to multiple remote code execution (RCE) flaws, cross-site scripting (XSS) attacks, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure authentication mechanisms. The application's eight recorded CVEs highlight recurring issues in file handling and session management, with some critical vulnerabilities allowing unauthorized access to sensitive financial data. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for rigorous security hardening and regular updates to mitigate risks.

Top products by crater-invoice: crater-invoice/crater
CVE IDTitleCVSSSeverityPublished
CVE-2022-1032 Insecure deserialization of not validated module file in crater-invoice/crater — crater-invoice/craterCWE-502 7.2 -2022-03-29
CVE-2022-1033 Unrestricted Upload of File with Dangerous Type in crater-invoice/crater — crater-invoice/craterCWE-434 6.7 -2022-03-23
CVE-2022-0515 Cross-Site Request Forgery (CSRF) in crater-invoice/crater — crater-invoice/craterCWE-352 4.3 -2022-03-21
CVE-2022-0514 Business Logic Errors in crater-invoice/crater — crater-invoice/craterCWE-840 6.5 -2022-03-21
CVE-2022-0372 Cross-site Scripting (XSS) - Stored in crater-invoice/crater — crater-invoice/craterCWE-79 5.4 -2022-01-27
CVE-2022-0203 Improper Access Control in crater-invoice/crater — crater-invoice/craterCWE-284 4.3 -2022-01-26
CVE-2022-0242 Unrestricted Upload of File with Dangerous Type in crater-invoice/crater — crater-invoice/craterCWE-434 6.7 -2022-01-17
CVE-2021-4080 Unrestricted Upload of File with Dangerous Type in crater-invoice/crater — crater-invoice/craterCWE-434 7.2 -2022-01-12

This page lists every published CVE security advisory associated with crater-invoice. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.