CVE-2023-24249 : An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.

Published 2023-02-27 19:15:11

Updated 2023-03-07 19:47:35

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-24249

Laravel-admin » Laravel-admin » Version: 1.8.19
cpe:2.3:a:laravel-admin:laravel-admin:1.8.19:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

61.36%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: nvd@nist.gov (Primary)

https://laravel-admin.org/

首页 | Laravel-admin
Product
https://github.com/z-song/laravel-admin

GitHub - z-song/laravel-admin: Build a full-featured administrative interface in ten minutes
Product
https://flyd.uk/post/cve-2023-24249/

CVE-2023-24249 | flyD
Exploit;Third Party Advisory

Jump to