N/A

FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.

N/A

N/A

FrozenNode Laravel-Administrator 代码问题漏洞

FrozenNode Laravel-Administrator是一款用于Laravel框架的管理界面生成器。 FrozenNode Laravel-Administrator 5.0.12及之前版本中存在代码问题漏洞。攻击者可借助文件上传功能利用该漏洞绕过安全限制，上传恶意文件，进而执行PHP代码。

N/A

N/A