GHSA-9r2j-rg24-fvpj

Source

https://github.com/advisories/GHSA-9r2j-rg24-fvpj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9r2j-rg24-fvpj/GHSA-9r2j-rg24-fvpj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9r2j-rg24-fvpj

Aliases

CVE-2020-10963

Published

2022-05-24T17:12:48Z

Modified

2024-04-23T23:11:43.262853Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

FrozenNode Laravel-Administrator unrestricted file upload

Details

FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.

Database specific

{
    "nvd_published_at": "2020-03-25T22:15:00Z",
    "cwe_ids": [
        "CWE-434"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T22:39:50Z"
}

References

Affected packages

Packagist / frozennode/administrator

Package

Name: frozennode/administrator
Purl: pkg:composer/frozennode/administrator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.0.12

Affected versions

v4.*

v4.0.0

v4.0.1

v4.1.0

v4.2.0

v4.3.0

v4.4.0

v4.4.1

v4.5.0

v4.6.0

v4.6.1

v4.7.0

v4.7.1

v4.7.2

v4.8.0

v4.9.0

v4.10.0

v4.11.0

v4.11.1

v4.11.2

v4.12.0

v4.12.1

v4.13.0

v4.14.0

v4.14.1

v4.14.2

v4.15.0

v4.16.0

v4.16.1

v4.16.3

v4.16.4

v4.16.5

v4.16.6

v4.16.7

v4.17

4.*

4.16.2

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.0.10

v5.0.11

v5.0.12