CVE-2024-51152
📋 TL;DR
Laravel CMS v1.4.7 and earlier lets a remote attacker upload a PHP file (the reference material names shell.php) through the CMS upload feature and then request it, so the web server executes attacker-supplied code. Any deployment running an affected version with the upload feature enabled is exposed.
💻 Affected Systems
- Laravel CMS (Alexstack) v1.4.7 and earlier
📦 What is this software?
Laravel CMS by Alexstack, a content management system package built on the Laravel PHP framework.
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to data theft, ransomware deployment, lateral movement to other systems, and complete loss of system integrity.
Likely Case
Webshell installation allowing persistent backdoor access, data exfiltration, and further exploitation of the hosting environment.
If Mitigated
Limited impact if uploads are disabled, or if strict file type validation and a non-executable upload directory are in place; the underlying flaw remains in the code until it is patched.
🎯 Exploit Status
Exploitation is straightforward: a PHP file is uploaded through the CMS upload feature, getting past whatever extension handling is in place, and a single request to the uploaded file's URL runs it as server-side code. The shell.php name in the reference material points to a standard webshell upload.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown - check vendor for updates
Vendor Advisory: Not provided in references
Restart Required: No
Instructions:
1. Check with the Laravel CMS vendor for a security update and apply it as soon as one is published.
2. If no patch exists, consider migrating to a maintained CMS.
3. Apply the workarounds below immediately.
🔧 Temporary Workarounds
Disable File Uploads
Temporarily disable all file upload functionality in the Laravel CMS configuration.
Edit Laravel CMS configuration to remove or comment out file upload routes/controllers
Implement Strict File Validation
Add server-side validation that accepts only an explicit allowlist of safe extensions. Use an allowlist rather than a denylist: a denylist naming php, phtml and phar still misses variants such as php5 and phps, upper-case names, double extensions and .htaccess files.
Add validation in upload handler: if(!in_array(strtolower($extension), ['jpg', 'jpeg', 'png', 'gif', 'pdf'], true)) { reject_upload(); }
🧯 If You Can't Patch
- Deploy WAF rules that inspect multipart upload bodies and block file names ending in executable extensions (.php, .phtml, .phar and their variants); treat this as a stopgap, since the WAF sees only the request, not what the application does with the file.
- Restrict permissions on the upload directory and configure the web server not to execute PHP there (for example, switch the PHP engine off for that directory in Apache, or have nginx refuse requests for .php paths under the upload location), so an uploaded shell cannot run even if it is stored.
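As an added example (not code from Laravel CMS or its vendor), here is the weak denylist from the workaround beside a hardened allowlist check, run over a few constructed file names and contents. It is plain PHP so that it runs without the framework; the function and class names, the allowed-type table, the minimal PNG header and the sample inputs are all assumptions made for the illustration:

```php
<?php
// Added example, not code from Laravel CMS. Plain PHP so it runs without the
// framework; inside a Laravel controller the same checks go in the upload
// action before the file is stored. Requires PHP >= 8.0 with ext-fileinfo.
declare(strict_types=1);

// The denylist sketched in the workaround above. Everything it forgets
// (php5, phps, .htaccess, double extensions, upper case) is accepted.
function rejectedByDenylist(string $filename): bool
{
    $extension = pathinfo($filename, PATHINFO_EXTENSION);
    return in_array($extension, ['php', 'phtml', 'phar'], true);
}

// Hardened check: allowlist only, compared in lower case, MIME sniffed from
// the bytes, and the stored name generated by the server, never by the client.
final class UploadPolicy
{
    // extension => MIME types finfo may report for it (assumed table)
    private const ALLOWED = [
        'jpg'  => ['image/jpeg'],
        'jpeg' => ['image/jpeg'],
        'png'  => ['image/png'],
        'gif'  => ['image/gif'],
        'pdf'  => ['application/pdf'],
    ];

    /** Server-chosen file name to store under, or null to reject the upload. */
    public static function safeName(string $clientName, string $bytes): ?string
    {
        // Drop any directory part the client sent (../../shell.php).
        $base = basename(str_replace('\\', '/', $clientName));
        // Exactly one dot and not a dotfile: rejects shell.php.jpg,
        // x.jpg.php and .htaccess in one go.
        if ($base === '' || $base[0] === '.' || substr_count($base, '.') !== 1) {
            return null;
        }
        $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
        if (!isset(self::ALLOWED[$ext])) {
            return null;
        }
        // Check the content, not only the name: PHP source renamed to .png fails here.
        $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
        if (!in_array($mime, self::ALLOWED[$ext], true)) {
            return null;
        }
        // Random name: no client-controlled characters reach the filesystem.
        return bin2hex(random_bytes(16)) . '.' . $ext;
    }
}

// Constructed sample uploads (not real traffic). A minimal 1x1 PNG header
// (signature + IHDR chunk) stands in for a genuine image.
$png = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR"
     . "\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00\x1f\x15\xc4\x89";
$phpSource = "<?php echo 'webshell placeholder'; ?>";
$samples = [
    ['shell.php',     $phpSource],   // caught by both checks
    ['shell.php5',    $phpSource],   // denylist misses the variant
    ['shell.php.jpg', $phpSource],   // denylist sees only "jpg"
    ['.htaccess',     "AddType application/x-httpd-php .jpg\n"],
    ['shell.png',     $phpSource],   // right name, wrong content
    ['avatar.png',    $png],         // the only one that should pass
];
foreach ($samples as [$name, $bytes]) {
    printf("%-14s denylist: %-7s allowlist: %s\n", $name,
        rejectedByDenylist($name) ? 'reject' : 'ACCEPT',
        UploadPolicy::safeName($name, $bytes) ?? 'reject');
}
```

In a Laravel controller the two inputs come from the request's UploadedFile (getClientOriginalName() and get()), and storeAs() writes the file under the name safeName() returns. MIME sniffing raises the bar but does not defeat polyglot files, so keep it paired with the non-executable upload directory described above.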
🔍 How to Verify
Check if Vulnerable:
Check the installed Laravel CMS version in the admin panel or in composer.lock. If the version is ≤1.4.7 and file uploads are enabled, assume the deployment is vulnerable.
Check Version:
Read the installed version from composer.lock (composer.json holds only the version constraint, not what is actually installed) or from the Laravel CMS admin interface.
Verify Fix Applied:
Upload a file with a .php extension through the CMS; it must be rejected. Confirm that no .php (or .phtml, .phar) files exist in the upload directories, and that a request for a file under the upload directory is served as static content rather than executed.
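An added example, not part of Laravel CMS, that automates the two checks above: read the installed version from composer.lock and compare it against 1.4.7, then scan an upload directory for files with executable extensions. The Composer package name alexstack/laravel-cms, the composer.lock fragment and the temporary upload directory are assumptions made for the illustration (confirm the package name in your own lock file):

```php
<?php
// Added example (not part of Laravel CMS). Assumptions: the package is
// installed through Composer as "alexstack/laravel-cms" (check your lock
// file), and the caller supplies the real upload directory path.
declare(strict_types=1);

const LAST_AFFECTED = '1.4.7';   // highest version the advisory lists as affected

/** Installed version of $package from a composer.lock JSON string, or null. */
function installedVersion(string $lockJson, string $package): ?string
{
    $lock = json_decode($lockJson, true);
    if (!is_array($lock)) {
        return null;
    }
    foreach (array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []) as $p) {
        if (($p['name'] ?? '') === $package) {
            return ltrim((string) $p['version'], 'v');   // "v1.4.7" -> "1.4.7"
        }
    }
    return null;
}

/** True when the installed version falls in the affected range (<= 1.4.7). */
function isAffectedVersion(string $version): bool
{
    return version_compare($version, LAST_AFFECTED, '<=');
}

/** Files under $dir whose names a PHP-enabled web server might execute or honour. */
function executableFilesIn(string $dir): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (preg_match('~(\.ph(p\d?|tml|ar|ps)|^\.htaccess)$~i', $file->getFilename())) {
            $hits[] = $file->getPathname();
        }
    }
    sort($hits);
    return $hits;
}

// Constructed composer.lock fragment (not a real lock file).
$lock = '{"packages":[{"name":"alexstack/laravel-cms","version":"v1.4.7"}],"packages-dev":[]}';
$v = installedVersion($lock, 'alexstack/laravel-cms');
printf("alexstack/laravel-cms %s: %s\n", $v ?? 'not installed',
    $v !== null && isAffectedVersion($v) ? 'AFFECTED' : 'outside the affected range');

// Constructed upload directory with one benign file and one planted PHP file.
$dir = sys_get_temp_dir() . '/cms-uploads-' . bin2hex(random_bytes(4));
mkdir($dir . '/2024', 0700, true);
file_put_contents($dir . '/logo.png', "\x89PNG\r\n\x1a\n");
file_put_contents($dir . '/2024/shell.php', "<?php echo 'placeholder'; ?>");
foreach (executableFilesIn($dir) as $path) {
    echo "executable file in upload directory: $path\n";
}
```

Run it from the project root with the real paths (the lock file via file_get_contents('composer.lock'), the upload directory via Laravel's public_path() helper or wherever your configuration stores uploads). A hit from executableFilesIn() on a production host should be treated as a possible compromise, not just a misconfiguration.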
📡 Detection & Monitoring
Log Indicators:
- Upload requests whose file name carries a PHP extension (the name travels in the multipart body, so this needs application or WAF logging, not just the web server access log)
- Unexpected files in upload directories
- Web server logs showing execution of uploaded PHP files
Network Indicators:
- HTTP POST requests to the upload endpoint carrying PHP source (a `<?php` tag) in the multipart body
- Unusual outbound connections from web server
SIEM Query:
Uploaded file names are not in the request line, so a plain access log cannot tell a .php upload from a .png one. The reliable signal is a successful request for a .php path under the upload directory (substitute your deployment's upload path), optionally correlated with an earlier POST to the upload endpoint from the same client:
source="web_logs" AND http_method="GET" AND uri_path="<upload-dir>/*.php" AND status=200
source="web_logs" AND http_method="POST" AND uri_path="*upload*" AND status=200
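An added example, not from the page's sources, that applies the upload-then-execute indicators above to constructed access-log lines in combined log format: it flags every successful GET of a PHP file under the upload directory and notes whether the same client POSTed to the upload endpoint earlier in the log. The upload endpoint /admin/upload, the upload directory /uploads/ and the log lines are assumptions; substitute your deployment's paths:

```php
<?php
// Added example (not from Laravel CMS): scan web-server access logs for the
// upload-then-execute pattern. Requires PHP >= 8.0.
declare(strict_types=1);

const UPLOAD_ENDPOINT   = '/admin/upload';   // assumed upload route
const UPLOAD_DIR_PREFIX = '/uploads/';       // assumed public path of stored uploads

// Combined log format: ip - - [time] "METHOD path HTTP/x" status bytes "ref" "ua"
const LINE_RE = '~^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ~';

/** One parsed request, or null for a line that is not in combined format. */
function parseLine(string $line): ?array
{
    if (!preg_match(LINE_RE, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
            'path' => strtok($m[4], '?'),      // drop the query string
            'status' => (int) $m[5]];
}

/**
 * Findings: each GET of a PHP-like path under the upload directory that the
 * server answered with 200, with a flag telling whether the same IP was seen
 * POSTing to the upload endpoint earlier in the (time-ordered) log.
 */
function findWebshellHits(array $lines): array
{
    $uploaders = [];   // ip => true once a POST to the upload endpoint is seen
    $findings  = [];
    foreach ($lines as $line) {
        $r = parseLine($line);
        if ($r === null) {
            continue;
        }
        if ($r['method'] === 'POST' && str_starts_with($r['path'], UPLOAD_ENDPOINT)) {
            $uploaders[$r['ip']] = true;
            continue;
        }
        $phpLike = preg_match('~\.ph(p\d?|tml|ar|ps)$~i', $r['path']) === 1;
        if ($phpLike && str_starts_with($r['path'], UPLOAD_DIR_PREFIX) && $r['status'] === 200) {
            $findings[] = [
                'ip'       => $r['ip'],
                'time'     => $r['time'],
                'path'     => $r['path'],
                'uploaded' => isset($uploaders[$r['ip']]),
            ];
        }
    }
    return $findings;
}

// Constructed sample log lines (not real traffic).
$sample = [
    '203.0.113.7 - - [10/Nov/2024:12:00:01 +0000] "GET /admin HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Nov/2024:12:00:05 +0000] "POST /admin/upload HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Nov/2024:12:00:09 +0000] "GET /uploads/shell.php?c=id HTTP/1.1" 200 44 "-" "curl/8.0"',
    '198.51.100.2 - - [10/Nov/2024:12:01:00 +0000] "GET /uploads/logo.png HTTP/1.1" 200 9021 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [10/Nov/2024:12:01:30 +0000] "GET /uploads/old.php HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
];

foreach (findWebshellHits($sample) as $f) {
    printf("[%s] %s fetched %s (HTTP 200)%s\n", $f['time'], $f['ip'], $f['path'],
        $f['uploaded'] ? ' after POSTing to the upload endpoint' : '');
}
```

Only the shell.php line is reported: the logo.png request is not PHP-like and the old.php request was refused with 403, which is what a correctly configured non-executable upload directory produces. Feed the function file('access.log') in production and page on any finding with uploaded set to true.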