漏洞描述
FrozenNode Laravel-Administrator是一款用于Laravel框架的管理界面生成器。 FrozenNode Laravel-Administrator 5.0.12及之前版本中存在代码问题漏洞。攻击者可借助文件上传功能利用该漏洞绕过安全限制,上传恶意文件,进而执行PHP代码。
Laravel Framework 存在任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-16894: Laravel <5.5.21 - Information Disclosure
- POC CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
- POC CVE-2022-40734: Laravel Filemanager v2.5.1 - Local File Inclusion
- POC CVE-2017-16894: Laravel .env 配置文件泄露
- POC CVE-2021-3129: LARAVEL <= V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
- POC CVE-2022-40734: UniSharp aka Laravel Filemanager v2.5.1 - Directory Traversal
- POC laravel-improper-webdir: Laravel Improper Webdir
- POC blade-oob: Laravel Blade 11.27.2 - Out of Band Template Injection
- POC laravel-env: Laravel - Sensitive Information Disclosure
- POC laravel-log-file: Laravel log file publicly accessible
- POC laravel-telescope: Laravel Telescope Disclosure
- POC laravel-debug-enabled: Laravel Debug Enabled
- POC laravel-debug-error: Larvel Debug Method Enabled