Vulnerability Details CVE-2017-14704
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2017-14704
-
cpe:2.3:a:claydip:airbnb_clone:1.0