PT-2024-38708 · Unknown · Laravel Property Management System
Wanglun · Published 2024-08-19 · Updated 2024-09-03 · CVE-2024-7943
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Laravel Property Management System version 1.0
Description:
A critical issue affects the upload function of the PropertiesController.php file, allowing for unrestricted file upload through the manipulation of the file argument. This can be initiated remotely.

Recommendations:
For Laravel Property Management System version 1.0, consider disabling the upload function of the PropertiesController.php file until a patch is available to prevent unrestricted file uploads. Restrict access to the PropertiesController.php file to minimize the risk of exploitation. Avoid using the file argument in the affected function until the issue is resolved.
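
The general mitigation for this weakness class, shown as an added example (not the project's code and not a vendor fix): a Laravel upload handler that allowlists file types by content, caps the size, renames the file server-side and stores it on a non-public disk. The controller name, the `property-uploads` directory, the allowlist and the 5 MB limit are assumptions; only the `upload` method name and the `file` field come from the advisory.

```php
<?php
// Added illustration: a hypothetical controller, not the project's
// PropertiesController.php.

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Str;

class HardenedUploadController extends Controller
{
    // Assumed allowlist. Laravel's `mimes` rule matches these extensions
    // against the MIME type guessed from the file's contents, not against
    // the file name the client supplied.
    private const ALLOWED_TYPES = 'jpg,jpeg,png,webp';

    // Assumed size cap, in kilobytes (5 MB).
    private const MAX_KILOBYTES = 5120;

    public function upload(Request $request): JsonResponse
    {
        // Rejects the request with a 422 response unless `file` is a
        // successfully uploaded file of an allowed type and size.
        $validated = $request->validate([
            'file' => [
                'required',
                'file',
                'mimes:' . self::ALLOWED_TYPES,
                'max:' . self::MAX_KILOBYTES,
            ],
        ]);

        $file = $validated['file'];

        // Discard the client-supplied name and extension. extension()
        // derives the extension from the detected MIME type, so a
        // renamed script cannot keep an executable suffix.
        $name = Str::uuid()->toString() . '.' . $file->extension();

        // The `local` disk lives under storage/, outside the web root,
        // so stored files are never served or executed directly.
        $path = $file->storeAs('property-uploads', $name, 'local');

        return response()->json(['stored' => $path], 201);
    }
}
```

Files stored this way should be returned to users through a controller that checks authorization and sends them as downloads, not through a public symlink.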
Unrestricted File Upload
Affected Products
Laravel Property Management System