CVE-2023-24249

HIGH

Laravel-Admin <1.8.19 - RCE

Description

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.

Exploits (2)

nomisec WORKING POC 11 stars
by IDUZZEL · poc
https://github.com/IDUZZEL/CVE-2023-24249-Exploit

nomisec WORKING POC
by ldb33 · poc
https://github.com/ldb33/CVE-2023-24249-PoC

Scores

CVSS v3 7.2
EPSS 0.4816
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (2)
encore/laravel-admin 0 Packagist
laravel-admin/laravel-admin 1.8.19
Published Feb 27, 2023
Tracked Since Feb 18, 2026