← volver
CVE-2020-10963

CVE-2020-10963

EPSS 14.7%
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.
Productos afectados
n/a · n/a
PoCs públicas encontradas3
githubgithub.com/scopion/CVE-2020-109630cve_referencepacketstormsecurity.com/files/160243/Laravel-Administrator-4-File-Upload.htmlno verificadoexploitdbwww.exploit-db.com/exploits/49112no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/160243/Laravel-Administrator-4-File-Upload.htmlhttps://xavibel.com/2020/03/23/unrestricted-file-upload-in-frozennode-laravel-administrator/