Critical severity9.8NVD Advisory· Published Nov 1, 2018· Updated Jun 17, 2026
CVE-2018-18888
CVE-2018-18888
Description
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=2018-04-02
Patches
Vulnerability mechanics
References
1- github.com/Leslie1sMe/laravelCMS/issues/4nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.