CVE-2021-43617

Published: 14 Nov 2021
Source: debian
EPSS: Medium

Description

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| php-laravel-framework | fixed | 6.20.14+dfsg-3 | | package |
| php-laravel-framework | fixed | 6.20.14+dfsg-2+deb11u1 | bullseye | package |

Notes

  • https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b

EPSS

Percentile: 98%
0.50067
Medium

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 3 years ago

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

CVSS3: 9.8
nvd
more than 3 years ago

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

github
more than 3 years ago

Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.

CVSS3: 9.8
fstec
more than 3 years ago

A vulnerability in the Laravel PHP framework related to unrestricted upload of files of a dangerous type, allowing an attacker to execute arbitrary code
