11 matches found
CVE-2024-51152
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php component...
CVE-2024-51152
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php component...
Arbitrary File Upload
Overview: alexstack/laravel-cms is a Simple Bootstrap Laravel CMS. Affected versions of this package are vulnerable to Arbitrary File Upload due to unchecked access to the downloadFile function in index in LaravelCmsFileAdminController.php. Remediation: There is no fixed version for...
CVE-2024-51152
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php component...
CVE-2024-51152
CVE-2024-51152 concerns a file upload vulnerability in Laravel CMS versions 1.4.7 and earlier. The issue stems from the shell.php component, allowing a remote attacker to execute arbitrary code via a crafted upload. Documented impact indicates full code execution with high impact on confidentiali...
CVE-2024-51152
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php component...
CVE-2023-47129
Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...
Twill Cross-Site Request Forgery Vulnerability
Twill is an open source CMS toolkit for Laravel. It helps developers quickly create an intuitive, powerful and flexible custom management console. Twill has a cross-site request forgery vulnerability; the vulnerability stems from the software in the login authentication process using GET request...
Design/Logic Flaw
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 fixed in 1.0.469 and 1.1.0 was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.managepages, cms.managelayouts, or...
Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution Vulnerability
Exploit for php platform in category web applications. Vendor: Microweber Team; Product web page: http://www.microweber.com; Affected version: 1.0.3; Summary: Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own...
Microweber v1.0.3 Stored XSS And CSRF Add Admin Exploit
Summary: Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own website, blog or online shop. Description: The application allows users to perform certain actions via HTTP requests without performing any validity...