MidnightBSD

Advisories for laravelcms_project

CVE-2018-18888 HIGH

An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
laravelcms_project laravelcms *