What is CVE-2024-55556?

CVE-2024-55556 is a vulnerability in N/a. Published 2025-01-07.

Is CVE-2024-55556 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through t…

EPSS: 0.866 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cve-scores

References

www.synacktiv.com/
github.com/crater-invoice/crater
www.synacktiv.com/advisories/crater-invoice-unauthenticated-remote-command-exec…

Frequently asked questions

What is CVE-2024-55556?: CVE-2024-55556 is a vulnerability in N/a. Published 2025-01-07.
Is CVE-2024-55556 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.