z-song / laravel-admin

Build a full-featured administrative interface in ten minutes
https://laravel-admin.org
MIT License
11.15k stars 2.82k forks

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. #5793

Closed Hel5ing closed 4 months ago

Hel5ing commented 1 year ago

Description:

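My company's GitHub found that the framework has the following risk, which prevents the project from passing the security review. How should this be fixed?

[Screenshot 2023-06-30 1.18.21 PM]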

Steps To Reproduce:

Mte90 commented 1 year ago

a link instead of a screen to investigate it further?

alexoleynik0 commented 1 year ago

#5726 has a workaround for this issue.