Arbitrary PHP File Upload Vulnerability in laravelCMS
CVE-2018-18888 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.
Learn more about our Cms Pen Testing.