PT-2017-13637 · Claydip · Claydip Laravel Airbnb Clone

Ihsan Sencan

Published

2017-09-26

Updated

2017-10-10

CVE-2017-14704

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Claydip Laravel Airbnb Clone version 1.0

Description The issue concerns unrestricted file upload vulnerabilities in the imageSubmit and proof submit functions. This allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in images/profile.

Recommendations For Claydip Laravel Airbnb Clone version 1.0, consider disabling the imageSubmit and proof submit functions until a patch is available to prevent remote authenticated users from uploading executable files. Restrict access to the images/profile directory to minimize the risk of exploitation. Avoid allowing uploads of files with executable extensions in these functions.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2017-14704

Affected Products

Claydip Laravel Airbnb Clone

PT-2017-13637 · Claydip · Claydip Laravel Airbnb Clone

CVE-2017-14704

Weakness Enumeration

Related Identifiers

Affected Products

References · 3