Miggo Logo
Miggo Vulnerability Database
CVE-2023-24249

CVE-2023-24249:
laravel-admin has Arbitrary File Upload vulnerability

7.2

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-24249
GHSA ID
GHSA-g857-47pm-3r32
EPSS Score
0.97166%
CWE
CWE-434
Published
2/27/2023
Updated
3/8/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
encore/laravel-admincomposer<= 1.8.19

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper file extension validation during avatar uploads. The PoC demonstrates that attackers can upload a PHP file by manipulating the filename in the request (e.g., 'php.jpg.php'). This indicates the backend fails to properly sanitize or validate the final extension after processing the filename. The handleFileUpload function (or similar) in the user settings controller is responsible for processing uploads, and its lack of strict extension checks allows dangerous file types to be stored. The high confidence comes from the reproducible exploit steps and the CWE-434 classification, which directly points to unrestricted file upload handling.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n *r*itr*ry *il* uplo** vuln*r**ility in l*r*v*l-**min v*.*.** *llows *tt**k*rs to *x**ut* *r*itr*ry *o** vi* * *r**t** P*P *il*.

Reasoning

T** vuln*r**ility st*ms *rom improp*r *il* *xt*nsion v*li**tion *urin* *v*t*r uplo**s. T** Po* **monstr*t*s t**t *tt**k*rs **n uplo** * `P*P` *il* *y m*nipul*tin* t** *il*n*m* in t** r*qu*st (*.*., 'p*p.jp*.p*p'). T*is in*i**t*s t** ***k*n* **ils to