CVE-2020-10963
CVE-2020-10963
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/scopion/CVE-2020-10963★ 0cve_referencepacketstormsecurity.com/files/160243/Laravel-Administrator-4-File-Upload.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49112unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →