Exploit for laravel-admin v1.8.19 - Arbitrary File Upload (CVE-2023-24249)

Description:

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.

Proof of Concept

PoC exploit

Try the exploit in a lab environment:

Lab: Hack The Box
Machine: Usage

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-24249
https://github.com/z-song/laravel-admin
https://laravel-admin.org/
https://flyd.uk/post/cve-2023-24249/