Arbitrary PHP File Upload Vulnerability in laravelCMS

Arbitrary PHP File Upload Vulnerability in laravelCMS

CVE-2018-18888 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.

Learn more about our Cms Pen Testing.