PHP Remote File Inclusion in crater-invoice/crater
Dec 3rd 2021
No mime type restriction on file uploads, allowing an attacker to upload and execute arbitrary PHP code.
Proof of Concept
- Log in to the dashboard, preferably using your own localhost install.
- Go to "Expenses", "Settings > Account" or "Settings > Company".
- Upload any PHP file you want.
Allows remote attackers to execute arbitrary PHP code.
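The kind of server-side check the report says is missing, written here as an added example in plain PHP (not crater's own code): an extension allowlist, a magic-byte MIME check that ignores the client-supplied type, an image decode test, and a random server-side filename. The demo inputs are constructed temp files so the script runs offline.

```php
<?php
// Added example, not crater's code. Assumes the caller passes the temp path and
// original client filename from $_FILES (the two values an upload handler has).

const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];

/**
 * Validate an upload as a real JPEG/PNG image.
 * Returns a safe random target filename on success, throws otherwise.
 */
function validateImageUpload(string $tmpPath, string $originalName): string
{
    // 1. Extension allowlist on the LAST extension only: "x.png.php" is rejected
    //    here, and "x.php.png" still has to pass the content checks below.
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension not allowed: .$ext");
    }
    // 2. Sniff the MIME type from the file's magic bytes, never from the
    //    client-supplied Content-Type header, and require it to match the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }
    // 3. The bytes must decode as an image; PHP source never does.
    if (@getimagesize($tmpPath) === false) {
        throw new RuntimeException('not a decodable image');
    }
    // 4. Discard the user's filename; store under a random name with the vetted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed demo inputs: a PHP source file and a 1x1 PNG, written to temp files.
$phpFile = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($phpFile, "<?php echo 'hello';");
$pngFile = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($pngFile, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));

foreach ([[$phpFile, 'notes.php'], [$phpFile, 'notes.png'], [$pngFile, 'avatar.png']] as [$path, $name]) {
    try {
        echo "$name -> accepted, stored as " . validateImageUpload($path, $name) . "\n";
    } catch (RuntimeException $e) {
        echo "$name -> rejected: {$e->getMessage()}\n";
    }
}
```

Storing the vetted file outside the web root, or in a directory where the web server has PHP execution disabled, is the second half of the fix; the checks above only keep PHP source out of the upload path.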