Описание
DevDojo Voyager Arbitrary File Write
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.
Пакеты
Наименование
tcg/voyager
composer
Затронутые версииВерсия исправления
<= 1.8.0
Отсутствует
Связанные уязвимости
CVSS3: 4.3
nvd
около 1 года назад
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.
CVSS3: 8.4
fstec
около 1 года назад
Уязвимость функции getMimeType пакета Voyager PHP-фреймворка Laravel, позволяющая нарушителю выполнить произвольный код