An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/Leslie1sMe/laravelCMS/issues/4 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-01T01:00:00Z
Updated: 2024-09-16T16:58:59.268Z
Reserved: 2018-10-31T00:00:00Z
Link: CVE-2018-18888
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-11-01T01:29:00.330
Modified: 2019-01-29T14:36:39.773
Link: CVE-2018-18888
Redhat
No data.