exploitDog

CVE-2021-43617

Published: 14 Nov 2021
Source: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS: Medium

Description

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

Vulnerable configurations

Configuration 1
cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*
Versions up to and including 8.70.2

EPSS

Percentile: 98%
0.4777
Medium

CVSS3: 9.8 Critical

CVSS2: 7.5 High

Weaknesses

CWE-434

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 3 years ago

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

CVSS3: 9.8
debian
more than 3 years ago

Laravel Framework through 8.70.2 does not sufficiently block the uploa ...

github
more than 3 years ago

Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.

CVSS3: 9.8
fstec
more than 3 years ago

Vulnerability in the Laravel PHP framework related to unrestricted upload of files of a dangerous type, allowing an attacker to execute arbitrary code
