3 matches found
CVE-2024-47823
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...
CVE-2024-47823
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...
CVE-2024-47823
CVE-2024-47823 affects livewire/livewire (Laravel). In versions before 2.12.7 and 3.5.2, the uploaded file extension is inferred from MIME type, not from the original filename, enabling an attacker to bypass validation and potentially achieve RCE when a PHP file with a valid MIME type is uploaded...