CVE-2024-0864

Name of the Vulnerable Software and Affected Versions Laragon (affected versions not specified)

Description The issue allows for a remote code execution (RCE) attack via an improper input validation in a file upload.php file, which serves as an example. This occurs when the Simple Ajax Uploader plugin, included in Laragon open-source software, is enabled. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin.

Recommendations As a temporary workaround, consider disabling the Simple Ajax Uploader plugin until a patch is available. Restrict access to the file upload.php file to minimize the risk of exploitation. Avoid using the Simple Ajax Uploader plugin in Laragon until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.