CVE-2023-24249: Unrestricted Upload of File with Dangerous Type

February 27, 2023 (updated March 7, 2023)

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.

References

flyd.uk/post/cve-2023-24249/
github.com/z-song/laravel-admin
laravel-admin.org/
nvd.nist.gov/vuln/detail/CVE-2023-24249

Detect and mitigate CVE-2023-24249 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →