2 results (0.001 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/IDUZZEL/CVE-2023-24249-Exploit https://flyd.uk/post/cve-2023-24249 https://github.com/z-song/laravel-admin https://laravel-admin.org • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. z-song laravel-admin versión 1.7.3, presenta una vulnerabilidad de tipo XSS por medio de Slug o Name en la pantalla Roles, debido a un manejo inapropiado en la pantalla "Operation log". • https://github.com/z-song/laravel-admin/issues/3847 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •