CVE-2024-0864

Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin.
Configurations

Configuration 1 (hide)

cpe:2.3:a:laragon:laragon:*:*:*:*:*:*:*:*

History

24 Apr 2025, 17:01

Type Values Removed Values Added
References () https://cert.pl/en/posts/2024/02/CVE-2024-0864 - () https://cert.pl/en/posts/2024/02/CVE-2024-0864 - Third Party Advisory
References () https://cert.pl/posts/2024/02/CVE-2024-0864 - () https://cert.pl/posts/2024/02/CVE-2024-0864 - Third Party Advisory
References () https://laragon.org/ - () https://laragon.org/ - Product
CPE cpe:2.3:a:laragon:laragon:*:*:*:*:*:*:*:*
First Time Laragon
Laragon laragon

21 Nov 2024, 08:47

Type Values Removed Values Added
References () https://cert.pl/en/posts/2024/02/CVE-2024-0864 - () https://cert.pl/en/posts/2024/02/CVE-2024-0864 -
References () https://cert.pl/posts/2024/02/CVE-2024-0864 - () https://cert.pl/posts/2024/02/CVE-2024-0864 -
References () https://laragon.org/ - () https://laragon.org/ -

10 Oct 2024, 16:15

Type Values Removed Values Added
CWE CWE-20 CWE-434
Summary (en) Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin. (en) Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin.

29 Aug 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

29 Feb 2024, 13:49

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-29 13:15

Updated : 2025-04-24 17:01


NVD link : CVE-2024-0864

Mitre link : CVE-2024-0864

CVE.ORG link : CVE-2024-0864


JSON object : View

Products Affected

laragon

  • laragon
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type